The Australian Taxation Office (ATO) is being hit by 3 million attempted cyber security attacks every month and is facing a growing threat from data-sharing by banks and superannuation funds.
The country’s Second Commissioner Jeremy Hirschhorn has warned that the ATO’s increasing digitisation efforts have made it more vulnerable to attacks due to a widening attack surface.
In addition, Hirschorn warned that “cascading penetration attempts”, where criminals attempt to obtain information from different devices before putting it together for a fraud attempt, were on the rise.
Speaking during The Tax Summit 2022, Hirschorn claimed the recent Optus data breach has really “brought home how vulnerable many businesses and organisations are to attack and dispelled any sense of hubris”.
"There is [the possibility] of cyber-enabled identity fraud and cyber-enabled information theft,” he said. In the time it takes me to make this speech, there will be 4,000 attempted hacks on the ATO’s system.
During his talk, Hirschorn said that as personal data or commercially sensitive data are increasingly being shared between banks, super funds and tax agents, cybercriminals are gaining a larger window of attack.
“The ATO will continue to strengthen our safeguards and think about how we can help the broader ecosystem that you [tax agents] are part of,” he said.
Hirschorn’s comments come weeks after Optus was hit by a data breach that saw up to 9.8 million customers potentially affected in what was Australia’s biggest data breach in its history.
Following this, Medibank announced it had detected suspicious behaviour on its network on 12 October. This week, it was revealed that the hackers had taken 200GB of customer data and are holding the insurer to ransom over the information.