Show download pdf controls
  • Data breach guidance for individuals

    Criminals use personal information stolen via data breaches to commit identity crimes. This can leave their victims with a bad credit rating and impact their ability to borrow money, run a business or access government services.

    Once your identity is stolen it can take a long time to recover.

    Data breaches often lead to refund fraud. We have sophisticated methods in place to identify and protect against potential tax and super fraud.

    On this page

    How data breaches can happen

    You may be impacted by a data breach where your personal information is stolen by an unauthorised third party. Data breaches can include both physical and digital records.

    A data breach may be a result of:

    • your employer, tax agent or another organisation's accounts being compromised
    • a home or office break in
    • someone hacking into your computer systems or using targeted phishing emails to compromise your electronic devices
    • your records being accidentally left somewhere.

    What we recommend you do

    • If you are notified of a breach or suspect you have been a victim of a data breach, contact our Client Identity Support Centre on 1800 467 033 Monday to Friday 8.00am–6.00pm AEST. We will discuss with you the level of security safeguards that may need to be applied to your account.
    • If you are concerned about the security of your other personal information and the wider impact of identity theft, we recommend you speak with IDCAREExternal Link on 1800 595 160. IDCARE provide free and confidential support to victims of data breaches and identity theft.
    • We recommend you review your current security practices to help make your identity more secure.

    See also:

    How we protect clients affected by a data breach

    If fraud has occurred on your tax records, we will work with you to fix your account. We may also apply protective measures to protect it from future identity and refund fraud incidents, such as:

    Additional proof of identity

    If you are the victim of a data breach we may ask you for additional proof of record ownership before we discuss your tax affairs. This will apply when you interact with us. Even if you use a tax professional, we may request that you contact us directly.

    Asking questions only you will know assures us we are dealing with the genuine client, and not an unauthorised third party.

    You may also choose to have a secret password created on your record. Secret passwords validate your identity when you deal with us.

    You can set up a secret password with our staff over the phone. However, if we are unable to establish your proof of identify over the phone we may request you visit a shopfront with proof-of-identity documentation or complete the tax file number enquiry form on the Australia Post website.

    Additional monitoring processes

    We will continue to monitor your record. If we identify any irregular activity, we may contact you or your registered tax professional to make sure the activity is legitimate. This may delay the processing of tax returns and other forms.

    Additional security measures

    Depending on your circumstances, we may apply additional security measures within our systems.

    If we apply these measures:

    • you may not be able to use our online channels or myGov
    • pre-fill data may not be available
    • we may need to make extra checks for tax returns and other forms that could delay processing
    • we may prevent business activity statements from issuing automatically. You or your tax professional will need to contact us before each lodgment so we can generate these statements.
    • your digital identity may be suspended while we investigate if there has been a compromise in our online environment.

    Find out about:

    Last modified: 27 Jul 2021QC 54174