Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
While the Australian Taxation Office’s systems may remain secure, a wave of tax account theft seems to have taken place.
The Australian Taxation Office (ATO) has revealed that its systems are secure and have not been infiltrated by hackers despite media reports that they were breached.
In a statement on its website, the ATO revealed the reports of $14,000 being stolen may be the result of tax account theft.
“The Australian Taxation Office (ATO) is aware of media reporting that the ATO has been ‘hacked’. This is incorrect. The ATO’s systems are secure, resilient and have not been compromised,” the ATO said.
“The safety of taxpayers’ information is of the utmost importance to us, and the ATO continues to remain vigilant for new and emerging cyber threats.
“If an individual sees unusual activity on their ATO account, it may be related to identity theft. Identity information can be compromised in a variety of ways, including requests for information by malicious actors, phishing emails, large-scale data breaches, and individual device or home network hacking.”
A number of individuals have reportedly come forward and disclosed that their tax accounts have been compromised and fake tax returns have been filed under their name, with the funds being redirected to the threat actors’ accounts.
The ATO has not revealed how many individuals have been affected by this wave of account theft, nor has it disclosed the amount of money that was stolen.
“If an individual is found to be a victim of third-party fraud, we will work with them to fix their client account and remediate it to its true and genuine position. The ATO will then work to recover the monies,” the ATO said.
Alex Cherniakov, senior solution consultant at CBG, told Cyber Daily that while ATO systems may be secure, it is concerning seeing so many accounts compromised.
“The recent reports of over $14,000 in tax returns fraudulently redirected through compromised myGov accounts have rightly raised alarm bells,” he said.
“These are not isolated events; they reveal systemic vulnerabilities in how we protect and verify identity data in the digital age. While the ATO has stated its systems remain ‘secure and resilient’, the real concern is how phishing continues to bypass human and procedural safeguards.
“Timely alerts are important, but they are not enough. We need a more proactive approach from government and industry alike, with early threat detection, coordinated guidance, and stronger accountability.”
Cherniakov added that systems like the Digital ID, while aiming to make online ID verification more secure, need to be implemented faster to keep up with threat actors.
Be the first to hear the latest developments in the cyber industry.
