How a GST Portal Hack Cost a Greater Noida Firm ₹1.80 Crore
GST portal hacked by accountant — sounds like a sensational headline, but it’s now a real cautionary tale for every Indian business owner.
In a recent case reported from Greater Noida, an accountant misused access to a company’s GST portal, created fake invoices, generated e-way bills, and routed ₹1.80 crore worth of transactions — all without the owner’s knowledge.
This blog breaks down what happened, how GST fraud like this works, and most importantly — what steps you should take today to prevent it from happening to your firm.
What Exactly Happened?
According to the FIR filed by a company named R.S. Infra, their former accountant:
- Logged in using the company’s GST portal credentials
- Created fake invoices using shell entities
- Generated 329 e-way bills over several months
- Misused the PAN and Aadhaar of the promoter
- Routed fake transactions without consent
- Caused tax liabilities that now fall back on the actual firm
The fraud was uncovered when the company received tax department notices — long after the accountant had quit.
GST Portal Hacked: How Does This Fraud Happen?
Here’s a simple breakdown of how internal fraud over the GST portal can be pulled off:
| Step | Fraud Action |
|---|---|
| 1 | Steals or misuses GST login credentials |
| 2 | Creates fake vendor/customer invoices |
| 3 | Uploads these on the GSTN portal |
| 4 | Generates e-way bills using the firm’s GSTIN |
| 5 | Routes fake supply chains and claims ITC |
| 6 | Disappears before the tax authorities catch on |
Once uploaded, all liability and compliance burden falls on the registered taxpayer — not the accountant.
Why This Case Is a Wake-Up Call for Businesses
This is not an isolated case. With over 1.5 crore registered GSTINs in India, the misuse of credentials has become a growing risk — especially in MSMEs where:
- Only the accountant handles tax filings
- No two-factor authentication is enabled
- Owners don’t monitor GST filings regularly
- There is no audit trail of user activity
Focus Keyphrase in Subheading: GST portal hacked — What Can You Do to Prevent It?
Here’s your prevention checklist:
1. Never share credentials blindly
- Use user-level access in GSTN via GSP or ASP platforms
- Don’t give master login to junior staff or external agents
2. Enable OTP-based two-factor authentication
- Use Aadhaar-based login wherever possible
- Change passwords every 3–6 months
3. Use GST Suvidha Providers (GSPs)
- Instead of giving login credentials, assign API-based task roles via a trusted GSP like Efiletax
- This keeps activity logs and restricts invoice generation rights
4. Monitor GSTR filings regularly
- Cross-verify uploaded invoices vs. actual business
- Track mismatches using GSTR-2B and GSTR-1
5. Deactivate unused DSCs and users
- Revoke access immediately when an employee leaves
- Update authorised signatory records on GST portal
Legal Remedies: Can You Escape the Liability?
Not easily. Under Section 122 of the CGST Act, penalties apply to the registered person for any fraud involving:
- Fake invoices
- Wrongful ITC claims
- Non-existent supply
In some cases, Section 132 (criminal offence) may also apply if fraudulent intent is proven. However, if you can establish that:
- You had no knowledge
- Proper internal controls were in place
- The fraudster misused your identity
…you may seek relief under the principles of natural justice, backed by precedents such as M/s D.Y. Beathel Enterprises vs The State Tax Officer (Madras HC).
Still, prevention is far cheaper than litigation.
Expert Tip from Efiletax
Use an API-integrated filing platform where user roles and logs are clearly defined. Platforms like Efiletax allow you to:
- Assign limited rights to staff
- Lock sensitive modules
- Get audit trails for every action
This avoids blind trust — and future tax shocks.
Closing: Don’t Let a ₹1.80 Crore Lesson Happen to You
You don’t need to be a victim of GST portal fraud. With the right tools, access controls, and awareness, your compliance process can be bulletproof.
Use Efiletax to secure your GST filings with role-based access, expert audit support, and real-time alerts.
FAQ: GST Portal Hacked
Q1. Can I file a police complaint for GST fraud by staff?
Yes. File an FIR under IPC fraud sections and submit a complaint to GSTN via helpdesk or email.
Q2. Is the firm responsible for fake invoices created by an ex-employee?
Yes, unless you can prove lack of knowledge and show preventive measures were taken.
Q3. How do I revoke access to my GST portal?
Login > Authorised Signatories > Remove user or DSC > Update via DSC.
Summary
GST portal hacked by accountant in ₹1.80 crore fake invoice scam. Learn how to prevent internal GST fraud with access controls, filing audits, and secure platforms like Efiletax.