Addressing the Senate select committee on COVID-19 on Thursday, AFP Commissioner Reece Kershaw said preliminary investigations conducted by the AFP’s cyber crime division had revealed up to 150 people could be affected by the scam.
The fraud was referred to the AFP on 1 May by the ATO, which also made the Assistant Minister for Superannuation, Financial Services and Financial Technology aware earlier this week.
“We are working with the ATO and the relevant super funds in relation to establishing, first of all, up to 150 possible victims,” Mr Kershaw told the committee.
“We are going to resolve [the payments] to see if it has legitimately gone to that client or not, but it could be up to 150 who have had $10,000 defrauded from their super fund.”
ATO commissioner Chris Jordan said the fraud did not appear to be a case of the ATO’s systems being compromised, but of a third party gaining access to the identity details needed to pass through the office’s recently launched myGov system.
“In any situation where an application is made and the information more or less stacks up with what our systems say, approvals are given and the super funds pay money out to the alleged member of the fund,” Mr Jordan told the committee.
In his opening statement, Mr Jordan said the ATO “[reminded] all Australians to be vigilant in keeping their personal information secure and private”.
Mr Kershaw said the AFP was looking into how a “quite sophisticated” third party had intruded into the myGov system using fund members’ personal details.
“What’s happened is this is a classic identity fraud, obtaining details of legitimate people’s data and using that data through the system,” he said.
Liability “would depend on details”
Chair of the ATO’s COVID taskforce Jeremy Geale told the committee he believed individual super funds would be liable for any amounts mistakenly released from a member account.
“The obligation would sit with the super fund, not the ATO. In terms of a fraud on the system, it would be a fraud on the funds – it’s the early release of super from those funds, without knowing the specific details of the fraud,” Mr Geale said.
However, deputy secretary of Treasury’s fiscal group, Jenny Wilkinson, said it would need to be determined when the facts of the case became clearer who was responsible for paying back members’ stolen funds.
“Liability in the event of fraud will depend on the circumstances associated with the case – liability could be attributed to the trustee of the fund, it could be to the administrator, it could be to a government agency or a party that has acted on behalf of the member, so it depends on the details of the case that we’re talking about,” Ms Wilkinson said.
Mr Jordan said given the sophistication of organised crime syndicates in Australia and overseas, he could not guarantee there wouldn’t be further fraud associated with the early release scheme.
“What I can say is we’ve got good security built in and we are already working with our partners in the industry to ensure that their security is up to standard,” he said.
“I have had a discussion with our CIO to ensure that they are doing everything possible to review our systems … and certainly things have happened to take people out of the system already to ensure it doesn’t happen through there.”
I am sorry to see the rambling ill-informed comments. Start thinking people this could result from any source, yes a planners office, yes an accounts office, yes anyone of the many business’s that collect and store data but because they can put a number on the cases it is likely to be a small business, singular.
ok, it was the planners fault again… right!?
So to get into mygovid you have personal identity and tax file numbers presented to the ATO to approve the early access. So what checks are they doing to ensure that it is legitamte?
Quick Quick – call a Royal Commission into Early Release Scheme – get the captain to sink the ship – and staff get thrown under the bus by the captain……bring in New Standards for Staff – minimum Education Standards and new codes of ethical behaviour – ohh….don’t forget compulsory exam testing for all advisory staff to have knowledge of Cyber Crime and white criminal codes of behaviour../..get all staff that work at Super Funds to do courses in Cyber Crime too…oohhh myy….bah bah……Terry,..,? H.E.L.P….(i hope this makes you all laugh).
Surely we could blame an Adviser.
Put a honey pot out and you know it attracts flies. Government meddling with Superannuation like this was always going to end in tears. And even legitimate withdrawals will potentially lead to savings gaps down the track. And who will get the blame for that?
So this whole mess called myGovID which supposedly replaced myGov with 2 factor verification has failed. How could criminals fake a myGovID is the question the ATO must answer. No good enough ATO!!!
Of course myGov already had 2 factor verification but this did not enable “tracking” on a smart device. There seems to be a different agenda here. Freedom must be constantly defended to avoid repression. It is still less than 100 years since the rise of Facism, how soon we forget.
Sounded to me like it was not MyGov or ATO related but possibly a breach at a super fund. More details to follow I hope.