Show download pdf controls
  • Online security

    There are many ways you can interact with us online, including lodging your tax returns and other tax-related information.

    We take the security and privacy of your personal information very seriously. We have steps in place to make sure your data and online transactions with us are secure and safe.

    You can help make sure your online transactions with us are safe by taking some simple steps.

    On this page

    Stay safe online

    As a taxpayer you play a big part in protecting your personal information when you interact online.

    You should:

    • Be careful when downloading attachments or clicking links, even if the message seems to come from someone you know.
    • Always access our online services directly via ato.gov.au, my.gov.au or the ATO app, not by following a link.
    • Keep your tax file number (TFN) and passwords secure – don't share your password with others.
    • Keep your superannuation account details secure – don't share your account details with unknown sources online.
    • Never reply to emails with your password or other sensitive information (such as your TFN), including to prospective employers.
    • Change your passwords regularly.
    • Use multi-factor authentication where possible – using SMS codes as your sign-in option for myGov is a quick and secure way to sign-in to access ATO online services.
    • Make sure your digital identity, such as myGovID, is secure. Your digital identity is unique to you and shouldn’t be shared. Sharing it gives others access to your personal data across services, such as tax and health.
    • Avoid conducting high-risk transactions, such as banking or logging on to online services, over unsecure public Wi-Fi.
    • Never share personal information, such as your TFN, myGov or bank account details, on social media.
    • Regularly back up your data onto an external hard drive or cloud backup. Secure your backup devices by making sure they are not continuously connected to your main network.
    • Keep your software up to date. Protect yourself and your business by installing the latest security updates, running regular anti-virus scans and using a spam filter on your email accounts.
    • Disable remote access software until it's needed.
    • Make data security an everyday priority – practice good 'cyber hygiene' and constantly review your security habits.
    • Make sure you check your myGov Inbox regularly – if you know everything is in order, it will be harder for a scammer to convince you otherwise.

    We encourage you to be alert and check your online practices at least quarterly.

    Our Online security self-assessment questionnaire gives you information to help you improve your online security.

    Next step:

    See also:

    How we protect you

    We keep your personal information safe by:

    • confirming your details when you contact us
    • having a range of systems and controls in place to make sure your data and transactions with us are secure
    • logging access to your personal information (to help us identify any unusual behaviour).

    To help you stay safe online, we will not:

    • ask you for your TFN or bank details via return email, SMS, or on social media
    • give your personal information to anyone without your consent, unless the law permits us to
    • communicate with you on behalf of another government agency or ask another government agency to represent us.

    See also:

    Data breach guidance

    A data breach is when confidential information is accessed, disclosed without authorisation, or lost.

    To protect yourself, your business, and your employees and clients against identity crime and fraud, you should take appropriate security precautions.

    If you or your business experiences a data breach, there are steps you can take to minimise the impact.

    See also:

    Security for digital service providers

    We offer a range of digital services that support the community to interact with us to do business. We place specific security measures around where and how we store, access and transfer data.

    The growth of our digital wholesale services increases productivity and connects the community across the digital economy. This presents a range of service opportunities for us and the community. However, there are also business risks and security implications to be managed.

    The Digital Service Provider (DSP) Operational Framework addresses these risks. It establishes how we'll provide access to and monitor the digital transfer of data through software.

    See also:

    Authorised by the Australian Government, Canberra.

    Last modified: 27 Jul 2021QC 40958