ATO working to ensure tax and super info of Optus breach clients is safe

Concern was raised about the issue of digital security with the ATO at the recent Tax Practitioner Stewardship Group meeting where members said they were worried about the potential impacts from a taxation and superannuation perspective for Optus customers who had their data stolen.

The ATO said its systems have not been affected and the data breach does not provide a malicious party with direct access to tax, super and registry records.

However, it is aware of the potential fraud and identity theft risks associated with taxpayers’ personal data having been compromised.

“We are continuing to work with Optus and the Australian Cyber Security Centre (ACSC) to identify and mitigate these risks,” an ATO spokesperson said.

“We take data security extremely seriously and we have a number of safeguards and systems in place to protect taxpayers.

“As the situation develops, we will work closely with any taxpayers and agents who may be affected by the breach to offer our assistance. We encourage taxpayers and agents to consider the material available on Data breach guidance for individuals.”

The ATO advised that tax agents can improve their lines of defence by ensuring they exercise additional care and due diligence, including following the Tax Practitioner Board’s proof of identity requirements for client verification.

It reiterated that strong client verification helps protect tax agents, their clients, and Australia’s tax and superannuation systems from misuse and abuse due to identity theft and related issues.

The ATO’s Strengthening client verification guidelines outlined the steps agents should undertake in relation to client identity verification and it is asking that agents perform identity checks for all new clients including representatives of new clients, new representatives of existing clients, existing clients, where they have concerns the client may not be who they say they are, and existing clients who may have been impacted by the Optus data breach.

myGovID users who do not already have an IP3 (strong) credential are encouraged to step up to IP3. See myGovID and RAM for tax professionals for more information about myGovID for tax agents.

“We have existing processes for taxpayers whose identity has been stolen or misused. Our Client identity support centre can give taxpayers information, advice and assistance to re-establish their identity and ensure their tax records are protected,” the ATO spokesperson said.

“If members receive any questions on the security of TFNs, ABN’s, BAS, please direct them to us for commentary.”