The Australian Federal Police is investigating a fraud committed through the government’s early release of super scheme where up to 150 super fund members have had $10,000 released from their accounts.
Addressing the Senate select committee on COVID-19 on Thursday, AFP Commissioner Reece Kershaw said preliminary investigations conducted by the AFP's cyber crime division had revealed up to 150 people could be affected by the scam.
The fraud was referred to the AFP on 1 May by the ATO, which also made the Assistant Minister for Superannuation, Financial Services and Financial Technology aware earlier this week.
"We are working with the ATO and the relevant super funds in relation to establishing, first of all, up to 150 possible victims," Mr Kershaw told the committee.
"We are going to resolve [the payments] to see if it has legitimately gone to that client or not, but it could be up to 150 who have had $10,000 defrauded from their super fund."
ATO commissioner Chris Jordan said the fraud did not appear to be a case of the ATO's systems being compromised, but of a third party gaining access to the identity details needed to pass through the office's recently launched myGov system.
"In any situation where an application is made and the information more or less stacks up with what our systems say, approvals are given and the super funds pay money out to the alleged member of the fund," Mr Jordan told the committee.
In his opening statement, Mr Jordan said the ATO "[reminded] all Australians to be vigilant in keeping their personal information secure and private".
Mr Kershaw said the AFP was looking into how a "quite sophisticated" third party had intruded into the myGov system using fund members' personal details.
"What’s happened is this is a classic identity fraud, obtaining details of legitimate people’s data and using that data through the system," he said.
Liability "would depend on details"
Chair of the ATO's COVID taskforce Jeremy Geale told the committee he believed individual super funds would be liable for any amounts mistakenly released from a member account.
"The obligation would sit with the super fund, not the ATO. In terms of a fraud on the system, it would be a fraud on the funds – it’s the early release of super from those funds, without knowing the specific details of the fraud," Mr Geale said.
However, deputy secretary of Treasury's fiscal group, Jenny Wilkinson, said it would need to be determined when the facts of the case became clearer who was responsible for paying back members' stolen funds.
"Liability in the event of fraud will depend on the circumstances associated with the case – liability could be attributed to the trustee of the fund, it could be to the administrator, it could be to a government agency or a party that has acted on behalf of the member, so it depends on the details of the case that we’re talking about," Ms Wilkinson said.
Mr Jordan said given the sophistication of organised crime syndicates in Australia and overseas, he could not guarantee there wouldn't be further fraud associated with the early release scheme.
"What I can say is we’ve got good security built in and we are already working with our partners in the industry to ensure that their security is up to standard," he said.
"I have had a discussion with our CIO to ensure that they are doing everything possible to review our systems ... and certainly things have happened to take people out of the system already to ensure it doesn’t happen through there."
FASEA has formally registered a legislative instrument to grant three months' CP...
ASIC has revealed it was forced to take action on more than a dozen incidents of...
The government has flagged it may look at extending regulatory provisions for sc...