Ombudsman finds more can be done to protect Australians from myGov fraud


Commonwealth Ombudsman Media Release

Today the Commonwealth Ombudsman released the investigation report, ‘Keeping myGov secure – An investigation into Services Australia’s response to myGov fraud arising from unauthorised linking to member service accounts.’

Commonwealth Ombudsman, Iain Anderson, said:

“myGov fraud causes affected Australians stress, anxiety and frustration. Following complaints to my Office, and media reports about incidents of tax fraud linked to myGov, I commenced an investigation based on concerns previously raised with Services Australia that there were not adequate security controls in place to protect people from the impact of myGov fraud.”

“Unauthorised linking” is where a genuine myGov customer’s member service account is linked without their knowledge to a ‘fake’ myGov account created by a fraudster. The investigation found that preventative security controls for unauthorised linking are limited to the proof of record ownership processes that are implemented by the individual myGov member service agencies. These processes vary across those individual agencies.

There are no additional security controls in place to ensure high-risk transactions such as changing bank account details are authorised by genuine customers, presenting a shared risk to all myGov participants.

Mr Anderson noted, “APS agencies responsible for administering a system or program that involves other agencies, like myGov, should understand the levels of risk across the system and ensure risks that could impact other participants are managed effectively, including through identifying and managing shared risks.”

The Ombudsman made four recommendations and two suggestions to Services Australia aimed at improving:

• the security controls for unauthorised linking and high-risk transactions

• how Services Australia and individual member services manage shared risks within the myGov ecosystem

• Services Australia’s approach to responding to customer reports of fraud and breaches to individual records across its three member services.

Reflecting on the importance of APS agencies putting people at the centre of public administration, Mr Anderson said:

“People have told us about the stress and anxiety they experienced when their personal information was stolen, and fraud committed in their name. In these circumstances, it is particularly important that Services Australia provide accessible, consistent and clear information to help people.”

Services Australia accepted the Ombudsman’s recommendations and suggestions. The response and planned actions to implement the Ombudsman’s recommendations are at Appendix A to the report.

Mr Anderson said, “Given the volume and sensitivity of information held in member service accounts linked to myGov, robust protections to stop fraudsters gaining unauthorised access to myGov accounts are essential.”

The Office will monitor the implementation actions in accordance with its usual monitoring practices.

The full report is available via our website here: https://bit.ly/4fuVfcL

For more information visit ombudsman.gov.au, or for media enquiries please email media@ombudsman.gov.au.


2 Comments

  1. IT and security in Australia is oxymoronic, with unclear regulation, lax attitudes, punishments and unclear compensation.

    See the European Commission’s Digital Services Act

    ‘What are the key goals of the Digital Services Act?

    The DSA protects consumers and their fundamental rights online by setting clear and proportionate rules. It fosters innovation, growth and competitiveness, and facilitates the scaling up of smaller platforms, SMEs and start-ups. The roles of users, platforms, and public authorities are rebalanced according to European values, placing citizens at the centre.’

    In the Anglosphere and inc. Brexit Britain, or England, this is viewed as a burden and constraints on business…..

  2. I have been an IT luddite for the 40+ years, since the banks and local government revelation that the computer will speed things up. The clacking machines were quicker for the owners but had the opposite effect for those both sides of the desk. By the turn of the century the computer was god and the info within was sacrosanct and correct even when the human could show it was incorrect. Now the machine rules completely right down to parking the car where we smartphoneless humans can’t use the parking machines. I wonder if that is legal??? ps despite its effect on my reading and the demise of cursive, I love it
