• Great articles on other sites
  • RSS Great articles on other sites

  • Blog, Enterprise IT, Security - Written by on Monday, February 11, 2013 16:03 - 3 Comments

    ATO suffers minor IT security breach


    blog We’re constantly hearing more and more about how “cyber” security is the next big bad, but concrete examples of how Australian Government infrastructure has been broken into are still thin on the ground. One incident to pop up last week has been what appears to be a relatively minor breach of an Australian Taxation Office portal through the logins of a number of tax agents. The Sydney Morning Herald reports (we recommend you click here for the full article):

    “Fears have been raised about the security of Australian taxpayers’ information after four tax agents’ account details were illegally used by third parties.”

    The SMH report was quite sensationalist in nature (we know, not surprisingly for the newspaper), but it does look like quite a substantial amount of investigation has been carried out into what took place here. Also, note that we may see more on this in future, as the SMH reporter who wrote the story has filed a Freedom of Information request for further information from the ATO. However, the ATO doesn’t feel as though the SMH got everything right, and has issued its own statement on the situation:

    “It has been reported today that taxpayer information is at risk after criminals stole the identity of four tax agents. The report suggested that all Australian taxpayers’ information was under threat. This is incorrect. The identities of four tax agents were stolen and used to fraudulently obtain AUSkeys giving access to specialist tax agent online services (tax agent portal).

    The ATO has contained the threat and cancelled the AUSkeys. We are working with the affected tax agents to ensure their practices and information is secure. Doing business online has benefits, but it also comes with risks. People looking to commit identity fraud constantly look for ways to profit so it is critical to remain vigilant regarding your personal information and online security. Online fraud can be complex and multilayered. We are investigating the incident and working with relevant law enforcement agencies.”

    So where’s the truth here? We suspect it’s somewhere in the middle between these two views. Was this a serious breach, with the taxation files of millions of Australians at risk? Not really. The ATO’s systems look to be a little bet better protected than that. But equally, was this just an incident of no consequence? Again, not really. The intrusion did have the potential to see some sensitive tax information stolen.

    In our experience, this kind of outcome is pretty much the norm in the IT security industry. When a break-in initially occurs, it’s panic stations, followed by a gradually calm-down as the realisation hits that nothing that sensitive was accessed. It will be interesting to see if more such security breaches occur over the next few years in the Federal Government.

    Image credit: Matt Aiello, royalty free

    submit to reddit


    You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

    1. GongGav
      Posted 11/02/2013 at 7:19 pm | Permalink | Reply

      Not sure how much I can say, but the blunt reality is that the risk to taxpayers was very very small. You’ve pretty much nailed it Renai, it wasnt an overly serious issue, but equally there will naturally be consequences.

      Look at it a different way. The ATO discovered the issue very early on, and acted on it accordingly. So as something that (sadly) is relatively common in IT security, at least they were able to head it off before it escalated to Sony-esque proportions.

    2. Stephen H
      Posted 12/02/2013 at 10:30 am | Permalink | Reply

      Given reports from the US of how hackers have managed to penetrate government agencies, it seems the only real protection is to avoid attracting hackers’ attention. If they want to break in, they will.

    3. Posted 12/02/2013 at 10:49 am | Permalink | Reply

      It would be interesting to know whether this is a social breach (ie a laptop was stolen that contained the Auskeys), Third party software was hacked (and they obtained the Auskeys that way), or if it is a breach of Auskey itself?

    Leave a Comment


  • Get our 'Best of the Week' newsletter on Fridays

    Just the most important stories, one email a week.

    Email address:

    Follow us on social media

    Use your RSS reader to subscribe to our articles feed or to our comments feed.

  • Most Popular Content

  • Enterprise IT stories

    • Super funds close to dumping $250m IT revamp facepalm2

      If you have even a skin deep awareness of the structure of Australia’s superannuation industry, you’ll be aware that much of the underlying infrastructure used by many of the nation’s major funds is provided by a centralised group, Superpartners. One of the group’s main projects in recent years has been to dramatically update and modernise its IT platform — its version of a core banking platform overhaul. Unfortunately, the $250 million project has not precisely been going well.

    • Qld’s Grant joins analyst firm IBRS peter-grant

      This week it emerged that Peter Grant, the two-time former Queensland Whole of Government CIO (pictured), has joined well-regarded analyst firm Intelligent Business Research Services (IBRS). We’ve long had a high regard for IBRS, and so it’s fantastic to see such an experienced executive join its ranks.

    • Westpac dumps desk phones for Samsung Android mobiles samsung-galaxy-ace-3

      The era of troublesome desk phones tied to physical locations is gradually coming to an end in many workplaces, with mobile phones becoming increasingly popular as organisations’ main method of voice telecommunications. But some groups are more advanced than others when it comes to adoption of the trend. One of those is Westpac.

    • Ministers’ cloud approval lasted just a year reverse

      Remember how twelve months ago, the Federal Government released a new cloud computing security and privacy directive which required departments and agencies to explicitly acquire the approval of the Attorney-General and the relevant portfolio minister before government data containing private information could be stored in offshore facilities? Remember how the policy was strongly criticised by Microsoft, Government CIOs and Delimiter? Well, it looks like the policy is about to be reversed.

    • WA Govt can’t fund school IT upgrades oops key

      In news from The Department of Disturbing Facts, iTNews revealed late last week that Western Australia’s Department of Education has run out of money halfway through the deployment of new fundamental IT infrastructure to the state’s schools.

    • Turnbull outlines Govt ICT vision turnbull-5

      Communications Minister Malcolm Turnbull has published an extensive article arguing that the Federal Government needed to do a better job of connecting with Australians via digital channels and that public sector IT projects needn’t cost the huge amounts that some have in the past.

    • NZ Govt pushes hard into cloud zealand

      New Zealand’s national Government announced a whole of government contract this morning for what it terms ‘Office Productivity as a Service’ services. This includes email and calendaring services, as well as file-sharing, mobility, instant messaging and collaboration services. The contract complements two existing contracts — Desktop as a Service and Enterprise Content Management as a Service.

    • CommBank reveals Harte’s replacement whiteing

      The Commonwealth Bank of Australia has promoted an internal executive who joined the bank in September after a lengthy career at petroleum giant VP and IT services group Accenture to replace its outgoing chief information officer Michael Harte, who announced in early May that he would leave the bank.

    • Jeff Smith quits Suncorp for IBM jeffsmith4

      Second-tier Australian bank and financial services group Suncorp today announced that its long-serving top technology executive Jeff Smith would leave to take up a senior role with IBM in the United States, in an announcement which marks the end of an era for the nation’s banking IT sector.

    • Small business missing the mobile, social, cloud revolution iphone-stock

      Most companies that live and breathe the online revolution are not tech startups, but smart smaller firms that use online tools to run their core business better: to cut costs, reach customers and suppliers, innovate and get more control. Many others, however, are falling behind, according to a new Grattan Institute discussion paper.

  • Blog, Enterprise IT - Jul 5, 2014 13:53 - 0 Comments

    Super funds close to dumping $250m IT revamp

    More In Enterprise IT

    Blog, Telecommunications - Jul 5, 2014 12:12 - 0 Comments

    What should the ACCC’s role be in guiding infrastructure spending?

    More In Telecommunications

    Analysis, Industry, Internet - Jun 23, 2014 10:33 - 0 Comments

    ‘Google Schmoogle’ – how Yellow Pages got it so wrong

    More In Industry

    Blog, Digital Rights - Jun 30, 2014 22:24 - 0 Comments

    Will Netflix launch in Australia, or not?

    More In Digital Rights