Tens of thousands of people have been temporarily locked out of their ATO Online accounts after a ransomware attack on major payroll software provider Frontier Software last month.
The Australian Taxation Office has taken the precautionary action while it investigates the full extent of the incident, which has seen data from some Frontier Software customers stolen.
The South Australian government is one of the biggest customers to have been caught up in the data breach, with Treasurer Rob Lucas earlier this week confirming nearly 80,000 public servants have been impacted.
Lucas last week advised that the records of at least 38,000 employees had been stolen in the ransomware attack, but that a further 42,000 records might also have been accessed.
Data stolen includes names, dates of birth, tax file numbers, addresses, bank account details and remuneration and superannuation contributions.
Only staff from the SA Department of Education – which uses a different payroll system – have been spared.
Following confirmation of the data exfiltration last week, SA public servants affected by the data breach began to notice that access to their ATO Online accounts through myGov had been disabled.
iTnews has been told that accounts can only be unlocked for 48 hours at a time, with normal access no longer possible.
The ATO confirmed to iTnews that it had “placed safeguards on a large number of ATO accounts” in response to the data breach as a precaution until it can complete its investigation with Frontier Software.
SA government employees and other affected individuals who the ATO has “identified may be associated with the Frontier cyber incident” have had the safeguards applied.
“We are working with Frontier and still investigating the matter to confirm details of the breach,” a spokesperson said.
“Once we have finished our investigation we will assess the safeguards we have in place.”
The spokesperson described the action as “standard practice for the ATO... if there is a risk of taxpayer information being compromised”.
“The safeguards we have in place do not affect taxpayers’ ability to access their overarching myGov account – they can still use myGov to access other agencies’ services as normal,” the spokesperson said.
The ATO said that a locked account does not mean it has been compromised, and that “current investigations have not revealed any compromised ATO accounts”.
Other actions taken by the ATO since last week, according to the SA government, include additional security measures aimed at detecting fraudulent activity using stolen tax file numbers.
Banks, the SA public sector employee superannuation scheme SuperSA and the SA government's salary sacrifice provider Maxxia have been similarly notified to add safeguards around the data they hold.