iTnews

AFP says third-party system intrusion behind early-access super fraud

By Justin Hendry on May 7, 2020 12:01PM
AFP says third-party system intrusion behind early-access super fraud

As many as 150 victims identified, accounts frozen.

The Australian Federal Police has revealed that a third-party system intrusion led to a small number of fraudulent applications to the government’s early access superannuation scheme.

The Australia Taxation Office on Wednesday evening said the fraudulent activity had been detected after a “small number of people … had their personal details unlawfully used”.

It said ATO systems had not been hacked, which ATO commissioner Chris Jordan reiterated that at the senate inquiry into the government’s COVID-19 response on Thursday.

Related: How ANZ, Fintel Alliance sniffed out early super access fraud scheme

“As far as we know, our systems have not been compromised, however … there are obviously people in intermediaries that have access to our systems,” Jordan said.

AFP commissioner Reece Kershaw said that a system relating to a single third-party had been intruded, though did not indicate if this was a super fund or another ATO intermediary. 

“We do have our cyber team on this, and there has been an intrusion into a third-party,” he said.

“So we’re looking into that and how that system was intruded in particular and the actions taken from there. It’s quite sophisticated.”

He also confirmed that the fraudulent activity was not the result of a government system breach.

“It’s a third-party that sits outside of the government network,” Kershaw said.

Kershaw said that although the AFP was in the early stages of investigation, the fraud could have impacted as many as 150 victims.

“We have actually identified some bank accounts and had those bank accounts frozen with approximately $120,000 all up,” he said.

ATO chief information officer Ramez Katf, who also appeared at the committee, said while as many as 250 third-parties connected to ATO systems, there were a number of controls in place.

“We have a lot of different levels of security and controls that we put in place between us and a number of third-parties,” he said.

“We have about 250 different third-parties that connect to our systems, either transacting with us, providing us with data or accepting data. 

“And we’ve put in place a number of layers, requiring them [third-parties] to put in place some levels of security that they need to comply with."

He also said there were “a number of layers that try to prevent any of those fraudulent transactions and activities”.

“From our side, we track the transactions as they come through and we look for patterns, and look to try and identify those,” he said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
afpatocyberfraudsecuritysuper

Partner Content

Don't miss Australia’s premiere IoT Conference on 9th June
Promoted Content Don't miss Australia’s premiere IoT Conference on 9th June
5 essential digital transformation ideas
Promoted Content 5 essential digital transformation ideas
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations
Operationalising net zero to be centre stage at IoT Impact conference
Partner Content Operationalising net zero to be centre stage at IoT Impact conference

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

  • iTnews Benchmark Awards 2022 - Finalist Showcase
  • IoT Impact Conference
  • Cyber Security for Government Summit
By Justin Hendry
May 7 2020
12:01PM
0 Comments

Related Articles

  • AFP targets BEC, phishing with new cybercrime centre
  • Two arrested over large-scale SMS phishing scam
  • AFP leading new cross-agency ransomware taskforce
  • CBA sets up Group Security division to bridge physical, infosec domains
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

NBN Co sizes up six-figure customer exodus a year to fixed wireless

NBN Co sizes up six-figure customer exodus a year to fixed wireless

NBN Co to cut 160 applications under $200m IT simplification

NBN Co to cut 160 applications under $200m IT simplification

What to expect from the incoming Labor government

What to expect from the incoming Labor government

NBN Co's 250Mbps and gigabit growth is finally clear

NBN Co's 250Mbps and gigabit growth is finally clear

Digital Nation

CTO Juergen Mueller offers a glimpse into SAP's metaverse play
CTO Juergen Mueller offers a glimpse into SAP's metaverse play
COVER STORY: Data and IoT set digital agriculture on a sustainable future
COVER STORY: Data and IoT set digital agriculture on a sustainable future
Lendlease launches its own metaverse in Milan
Lendlease launches its own metaverse in Milan
Why do DeFi and DAOs matter to business?
Why do DeFi and DAOs matter to business?
COVER STORY: A Year in the Metaverse
COVER STORY: A Year in the Metaverse
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.