ato logo
Search Suggestion:

Data breach guidance for individuals

If you have experienced a data breach that has compromised your tax identity, we have advice to help protect you.

Last updated 21 February 2024

If your personal information is lost or stolen

If your personal information has been lost or stolen in a data breach, it can lead to identity crime and fraud on your tax or super accounts.

If you have experienced a data breach that has compromised your tax identity, we have advice to help you protect your information and account.

We can take action to identify and protect you against potential tax and super fraud.

How data breaches can happen

You may be impacted by a data breach where your personal information is stolen by an unauthorised third party. Data breaches can include both physical and digital records.

A data breach may be a result of:

  • your employer, tax agent or another organisation's accounts being compromised
  • a home or office break-in
  • someone hacking into your computer systems or using targeted phishing emails to compromise your electronic devices
  • your records being accidentally left somewhere.

Criminals can use personal information stolen during data breaches to commit identity crime. If your identity is stolen, it is difficult to recover.

What to do after a data breach

  • If you are notified of a breach or suspect you have been a victim of a data breach, you can contact us to discuss the level of security safeguards you may need applied to your account. Phone our Client Identity Support Centre on 1800 467 033 between 8:00 am and 6:00 pm AEDT, Monday to Friday.
  • IDCAREExternal Link provide free and confidential support to victims of data breaches and identity theft. If you are concerned about the security of your personal information and the wider impact of identity theft, phone IDCARE on 1800 595 160.
  • Find out more about how to help secure your identity. See top cyber security tips for individuals.

How we protect clients affected by a data breach

If fraud has occurred on your tax records, we will work with you to fix your account. We may also apply protective measures to protect it from future identity and refund fraud incidents, such as:

Additional proof of identity

If you are the victim of a data breach and you contact us, we may ask you for additional proof of record ownership before we discuss your tax affairs. If you use a tax professional, we may request that you contact us directly.

To discuss additional levels of security safeguards that you can apply to your account, phone our Client Identity Support Centre on 1800 467 033 between 8:00 am and 6:00 pm AEDT, Monday to Friday.

Additional monitoring processes

We will continue to monitor your record. If we identify any irregular activity, we may contact you or your registered tax professional to make sure the activity is legitimate. This may delay the processing of tax returns and other forms.

Additional security measures

Depending on your circumstances, we may apply additional security measures in our systems.

If we apply these measures:

  • you may not be able to use our online channels or myGovExternal Link
  • pre-fill data may not be available
  • we may need to make extra checks for tax returns and other forms that could delay processing
  • we may prevent business activity statements from issuing automatically. You or your tax professional will need to contact us before each lodgment so we can generate these statements
  • your digital identity may be suspended while we investigate if there has been a compromise in our online environment.

Large data breaches

We are aware of large data breaches such as the Optus data breach and Medibank cyber incident and that people who have been affected might be concerned about their personal information. We assure you that ATO systems have not been affected.

 

Steps to make sure your personal information is safe if it has been lost or stolen in a data breach or cyber incident.

QC54174