ATO Hit with Three Million Cyber Attacks a Month and 4000 in 40 Minutes
By Sarah Sharples
As Aussie businesses have been hit by a spate of recent hackings, the ATO, which holds data for 14 million people, is dealing with a huge number of attempted attacks.
There are a whopping three million attempted cyber hacks on the Australian Taxation Office’s system each month, with warnings that accountants and superannuation funds are at particular risk of having their customers’ personal data stolen.
It comes after a spate of high-profile cyber attacks in recent weeks. Optus suffered an attack which saw 9.8 million customers’ details stolen. (The Commonwealth Bank has been fielding an extra 5000 calls a day since the Optus hack.)
Since then, health insurance giant Medibank has been attacked, with fears deeply personal health information has been accessed. Telstra, NAB, security firm G4S and Australian fruit company Costa Group have also been attacked.
Australian Taxation Office second commissioner Jeremy Hirschhorn revealed the millions of cyber attacks on the government agency in an address to the Tax Institute in Sydney on Thursday, saying that in the 40 minutes it would take him to deliver his speech, there would be 4000 hacking attempts on the ATO.
He said with personal data or commercially sensitive data increasingly being shared around between banks, super funds, tax agents and the ATO, there was a larger attack surface for cybercriminals.
“There are three million attempted hacks of the ATO’s system every month,” he said.
“The systems of tax agents and super funds are also a ripe source of data.
“Increasingly, we see cascading penetration attempts, where criminals attempt to obtain information from different devices before putting it together for a fraud attempt … The Optus data breach has really brought home how vulnerable many businesses and organisations are to attack and dispelled any sense of hubris.”
The Optus hack left thousands of people having to replace their driver’s licences.
The ATO has an eye-watering amount of data with more than 14 million individual income tax returns lodged every year, while it also deals with 4.3 million small businesses, 201,000 privately owned Australian groups and around 40,000 multinationals.
Mr Hirschhorn also warned that another area of huge concern is the risk of company directors having their identities stolen, as bad actors online pieced together data in sophisticated operations for financial gain.
He added the ATO was pursuing digitisation reforms to improve its service but this also increased cybersecurity risks.
“This is early thinking for us, but we are thinking about ways of how we can give an individual a package of data which they can then share with their representatives,” he said.
“It might solve some of our cybersecurity challenges. It is a big hairy one to solve.”
New research from software company MYOB showed 38 per cent of businesses said the cost of cybersecurity protection is prohibitive as they battle inflation, supply chain disruptions and cost-of-living pressures, but two in three acknowledge they need to beef it up.
Recent research also found that Australian businesses are being inundated by cybersecurity incidents and are dealing with an average of over 55 alerts daily – the highest across the Asia Pacific region – according to a report from cybersecurity specialists Trellix.
Alarmingly, 85 per cent of respondents from Australian businesses reported they had lost up to 10 per cent in revenue due to security breaches in the last 12 months.