Papua New Guinea’s Internal Revenue Commission (IRC) has recently been the target of a major cyberattack, significantly disrupting its operations. The attack, first reported on January 29, 2025, led to a system outage, and many of the IRC’s core functions remain offline weeks later. The tax office has not yet officially disclosed the breach, but multiple sources in Papua New Guinea and Australia have confirmed that it was the result of a cyberattack. The breach appears to have impacted several IRC systems, including SIGTAS, its core tax system, as well as phone and email communications.
Local tax agents have expressed concern over the prolonged disruption, as it has slowed down business operations for many clients.
The attack has hindered the IRC’s ability to process approvals and clearances, causing delays for businesses relying on its services. Despite the severity of the breach, the Australian government has offered cybersecurity assistance to Papua New Guinea, but the IRC has yet to accept this support. Some experts find this refusal surprising, given the increasing cyber threats facing Pacific nations.
The breach is part of a growing trend of cyberattacks targeting Pacific Island nations, which have become more frequent in recent years. While Papua New Guinea’s IRC has engaged a private company to assist with recovery efforts, experts warn that the damage caused by such attacks may take weeks or even months to fully resolve. The limited resources and smaller IT budgets in developing economies like Papua New Guinea make these countries more vulnerable to prolonged disruptions when cyberattacks occur.
Cybersecurity expert Robert Potter noted that the recovery process could expose sensitive information and further damage the IRC’s reputation. With foreign investors already cautious, the attack could undermine trust in Papua New Guinea’s ability to secure sensitive data, particularly as the region continues to digitize rapidly. These cyberattacks highlight the growing need for stronger cybersecurity infrastructure in developing nations, especially as the Pacific region faces rising digital threats.
Reference:
