iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
The Australian Taxation Office (ATO) lost more than $557 million to fraudsters using personal details from hacks on Optus and Medibank to create fake MyGov accounts.
The Tax Office made the revelation after the ABC made a freedom of information request based on a previous investigation into fake MyGov accounts being linked to the tax details of real people.
The more than half a billion dollars has been lost over the space of two years, thanks to what the ABC is calling a “glaring security gap” in how the ATO confirms the identity of its users. The cyber criminals were able to bypass the identity checks that would normally be sent to the ATO’s customers by hacking their accounts with the help of the previously compromised credentials.
In the financial year between 2021 and 2022, the fraudsters claimed more than $237 million through fake tax claims and business activity statements linked to 7,500 of the ATO’s customers. The figures increased in the following years, with more than 8,100 accounts being linked to $320 in fraudulent activity.
Alarmingly, the ABC first disclosed the ongoing fraud activity in December 2022, when it reported on a specific case of a taxpayer and her accountant uncovering a number of fake tax returns lodged in her name. At the time, she had not received any identity checks on her phone for the creation of the fake accounts linked to her MyGov account – as it turned out, when she checked her account, all of her details, including her bank account and phone number, had been changed.
The fraudulent filings did not raise any red flags as they were made in relatively small $5,000 amounts. At the time, neither the ATO nor Services Australia could confirm just how the fraud was being perpetrated.
Now, after fronting up with a broad dollar cost of the fraud, the ATO is unsure of just how much of the $557 million figure was lost through this particular myGov hack.
“There is a difficulty in identifying this particular type of fraud, as overlinking and prior adjustments are both frequently legitimate,” ATO second commissioner Jeremy Hirschhorn told the ABC in a statement.
Hirschhorn believes the ATO has achieved a “balance between the systems being easy to access for the majority of taxpayers, while being hard to access for those with criminal intent”.
“We are managing an acceptable level of risk.”
The ATO has told its customers to monitor their accounts details are indeed accurate.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
