The Australian Tax Office (ATO) has issued a warning after it discovered tax agent accounts were compromised, giving attackers with the right information access to the records of every taxpayer in the country.
Attackers had used the personal details of tax agents to access their ATO accounts and generate AusKeys, the agency's digital authenticator.
From there, attackers could view details of the agents' clients, including financial and personal information for the previous three years, the Sydney Morning Herald reported.
Tax agents told the publication that attackers could also view the records of any Australian taxpayer provided they knew the target's name, date of birth and tax file number, but the ATO denied this.
The ATO warned tax agents in a letter posted to the website of the Institute of Certified Bookkeepers that the accounts of "a small number of tax agents has been stolen to create unauthorised AUSkeys".
"Those looking to commit fraud are constantly looking for ways to profit so it is critical that you remain vigilant regarding online security and information."
The SMH reported that four agents were compromised.
Attackers with the same details needed to access any tax payer record could also cash out fraudulent tax returns with the ATO.
SC previously revealed how two taxpayers had their claims fraudulently submitted through tax agents, fleecing the ATO of $6500 in both cases.
Crooks were also using stolen personal details to rob victims of superannuation funds, however this was just one attack among a string of other forms of fraud based on identity theft.
The ATO urged agents to review AusKeys issued for their businesses and report unauthorised keys by phoning 1300 146 094.