Hacked MyGov, ATO details found being sold online

Cyber attacks continue to blight the nation, with new findings revealing that MyGov, NDIS and Australian Tax Office details have been secured by hackers and sold online.

As discovered through an investigation by the ABC, MyGov, ATO, and National Disability Insurance Scheme details have been circulated online, suggesting that the current cyber climate in Australia is set to worsen.

The ABC, who have concluded from the new findings that the Medibank and Optus hacks are just the "tip of the iceberg", revealed that many of those affected were not sufficiently notified by hacked companies that their data had been jeopardised, with many only made aware when contacted by the ABC.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

For example, a cyber attack on CTARS, a company offering cloud-based client management to the NDIS, saw 9,800 individuals have their information stolen. While the National Disability Insurance Agency stated that everyone affected had been informed.

However, the ABC spoke with 20 of those affected, only one of which had been notified after finding a letter in her junk mail.

Stolen data is not hard to find online either, with one of the main locations where this data is sold and traded not located on the dark web, but on the clear web, meaning it is easily accessed via a Google search.

Cyber intelligence experts, such as CyberCX director of cyber intelligence Katherine Mansted, have expressed concern over the easy access.

VIEW ALL

“There’s a criminal’s cornucopia of information available on the clear web, which is the web that’s indexed by Google, as well as in the dark web.

“There’s a very low barrier of entry for criminals … and often what we see with foreign government espionage or cyber programs — they’re not above buying tools or buying information from criminals either.”

Adding to the concern is the low price of this information, which only further incentivises would-be criminals. The ABC investigation found information being sold for as little as US$1.

Mansted states that the “black economy” of stolen data and cyber crime could be regarded as the third largest economy worldwide, only beaten out by the US and China.

“The cost of buying a person’s personal information or buying access to hack into a corporation, that’s actually declining over time, because there is so much information and so much data out there.”

The lower cost of becoming a cyber criminal has made Australia an attractive target. The ACSC saw cyber crime reports increase by 13 per cent in 2022, the equivalent of one every seven minutes.

You need to be a member to post comments. Become a member for free today!

Ben Monday, 01 May 2023

tippi wrote:
sounds like you left data on your computer or mobile that hackers accessed
How do you figure that? Truth is that often access to an end users computer is rarely required to access an account hosted online.

0
Anonymous Friday, 21 April 2023

I cant understand why Google cant delete peoples data thats up for sale on the Web. Cant Google delete these "dark web" or "clear web" sites ? If the ABC can see personal information being sold for US$1 - then surely Google has the control to remove it ?

1
- David Hollingworth Friday, 21 April 2023
  
  Google has no influence on darkweb sites, I'm afraid - it's an entirely different internet architecture.
  
  0
Stu Thursday, 09 March 2023

Looking forward digital ID arent you?? Safe and effective

0
An identity thief victim Wednesday, 21 December 2022

Well my MyGov was hacked right after my bank account got cleared out by identity thieves. They claimed $20,840 in GST refunds for my 2019 tax return (in 2022 for heavens sake - three years after I submitted my tax return for that year). They took out advances from Centrelink, reducing my access to Centrelink. They cancelled my medicare card. All in the space of three days. These people are out there. They managed to get a total of $40, 000 using my identity before disappearint into the ether

0
- tippi Wednesday, 22 March 2023
  
  sounds like you left data on your computer or mobile that hackers accessed
  
  0
Greg P Thursday, 01 December 2022

It is a well-known fact that corporations over many years, would reduce financial allocations to IT departments as the spending was not necessary, over the top, or we do not need a system like you are proposing. Well those decisions are now biting extremely hard on bottom lines across the globe.
Due to the lack of spending 3rd parties established themselves as the "GURU's" of everything IT. The statements of efficiency, cost saving and secure, which is very much tongue in cheek and only delivered spasmodic results and now the proverbial has really hit the fan they are running for cover.
One thing is abundantly clear, no system is safe! If they want to get your data, they will and it is a matter of time.
Look at the data associated with Google and Facebook....do they get hacked? Not much information on that question, however, do individuals know how much Social Media organisations hold of their personal data. NO
Corporations who suggest they are customer focused and their customer base is their number one asset, is rhetoric to the maximum degree.
Whilst boards, CEO's and other senior management continue to rake in exorbitant personal incomes and individual packages aligned to their success poses a number of questions on corporations, government departments and oganisations as to their worth in managing organisations that store extremely sensitive information. To date I do not know of any senior executive or board member for that matter defending their position of responsibility in a court of law.
I would have thought that under the "Directors and Officers" obligations and responsibility there has been a breach of their duties leaders and management of the hacked organisation.
One can only hope that the cyber security experts, governments and third party providers take these breaches seriously and drive systems security as a major part of their customer focus...
Don't hold your breath

0
- Anonymous Wednesday, 22 March 2023
  
  I agree with the above but the trouble is that individuals are as much to blame. No security, leaving passwords and other important information on computers and devices, using wifi in public spaces or hotels, easy passwords or same password and believing no-one would want to hack into their computer leaves us all vulnerable. In my website hosting business, the cost of running our hosting servers is far less than the cost of the many security software applications we must run to stop the continual assault on our servers by hackers. everyone needs to take some responsibility.
  
  0
  - Mac Thursday, 06 April 2023
    
    Whilst I agree that everyone needs to take responsibility, there is currently way too little consequence for businesses who don't safeguard their customers' sensitive information properly. The risk, cost and consequences of having to deal with identity theft inevitably lands with the unfortunate customer who's had their information compromised due to lazy and/or incompetent businesses.
    
    Over the last years, I've had my personal data exposed in several breaches through absolutely zero fault of my own. This includes of Medibank, Latitude, Eye4Fraud, LinkedIn, RMS (TfNSW), Dropbox and several others. Luckily I'm not an Optus client at least... Whilst leaked passwords and email addresses can be an inconvenience, it's a whole different ball game when they start leaking your full name, your DOB, street address, health insurance number, drivers license or passport numbers etc.
    
    1
    - Realist Sunday, 16 April 2023
      
      I agree with Anonymous. It is very easy to point the finger at "lazy and/or incompetent businesses" (and my experience has been that most businesses are doing a reasonable job). Let's not lose sight of the reality that these are criminals who chose to do the wrong thing. Law enforcement hasn't been able to catch or stop such criminals so it could be said that law enforcement are failing. Media aids and abets such criminals (scaremongering, willingness to trawl the dark web for data and call victims, and even contact the criminals). Customers/people themselves are annoyed and complain if a company doesn't remember their previous purchases, requires them to go through an id check before they will engage/reveal data about their account, etc, in addition to often having poor security practices. The dark web exists unchecked by any Government or law enforcement. Clearly the practices of companies are only one part of the bigger problem.
      
      0

newsletter

Be the first to hear the latest developments in the cyber industry.

Hacked MyGov, ATO details found being sold online

Comments (10)

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED