1 00:00:03,600 --> 00:00:06,760 Speaker 1: From The Australian. Here's what's on the front. I'm Kristen Amiet. 2 00:00:06,960 --> 00:00:13,520 Speaker 1: It's Monday, May nineteen, twenty twenty five. Prime Minister Anthony 3 00:00:13,520 --> 00:00:17,599 Speaker 1: Albanese met with Ukrainian President Volodymyr Zelensky on the sidelines 4 00:00:17,640 --> 00:00:21,759 Speaker 1: of Pope Leo's inauguration mass in Rome on Sunday. The 5 00:00:21,800 --> 00:00:25,840 Speaker 1: pair discussed the incarceration of Australian man Oscar Jenkins, who 6 00:00:25,920 --> 00:00:29,160 Speaker 1: was sentenced to thirteen years in a Russian prison after 7 00:00:29,200 --> 00:00:35,239 Speaker 1: being caught fighting on the front lines for Ukraine. To 8 00:00:35,360 --> 00:00:38,400 Speaker 1: net zero or not to net zero? That's the question 9 00:00:38,600 --> 00:00:42,600 Speaker 1: looming over new Liberal Party leader Sussan Ley. She's under 10 00:00:42,600 --> 00:00:45,479 Speaker 1: pressure from some MPs not to support a twenty to 11 00:00:45,560 --> 00:00:49,560 Speaker 1: fifty emissions policy that they say demands a blank check. 12 00:00:50,440 --> 00:00:53,240 Speaker 1: That exclusive story is live right now at the Australian 13 00:00:53,280 --> 00:01:00,600 Speaker 1: dot Com dot AU. Hackers have harvested potentially millions of 14 00:01:00,640 --> 00:01:05,360 Speaker 1: dollars from unsuspecting taxpayers by breaking into their ATO accounts 15 00:01:05,520 --> 00:01:10,200 Speaker 1: and submitting bogus tax returns. The Australian Taxation Office says 16 00:01:10,280 --> 00:01:13,839 Speaker 1: its systems are safe from cyber threats, but The Australian's 17 00:01:13,880 --> 00:01:17,080 Speaker 1: Paul Garvey believes there's evidence to suggest a breach like 18 00:01:17,200 --> 00:01:30,200 Speaker 1: this has been a long time coming.
When Kate Quinn's 19 00:01:30,200 --> 00:01:32,800 Speaker 1: accountant logged in to complete her tax return at the 20 00:01:32,880 --> 00:01:35,840 Speaker 1: end of the last financial year, she made a shocking 21 00:01:35,880 --> 00:01:40,240 Speaker 1: discovery: her tax account had been hacked and her tax 22 00:01:40,280 --> 00:01:44,360 Speaker 1: return was gone, paid out to a mystery bank account.
23 00:01:45,120 --> 00:01:48,160 Speaker 2: So they hacked in, They unticked notify me or notify 24 00:01:48,240 --> 00:01:51,880 Speaker 2: my tax agent, change the bank account details. He said, 25 00:01:51,920 --> 00:01:55,920 Speaker 2: it probably takes all of ten to fifteen seconds, and 26 00:01:56,000 --> 00:01:58,920 Speaker 2: the money's gone, and the case is closed, and no 27 00:01:58,960 --> 00:02:02,880 Speaker 2: one's notified, and then the bank account is closed. And 28 00:02:02,960 --> 00:02:07,160 Speaker 2: I just thought this is unbelievable that it's so easy.
29 00:02:08,680 --> 00:02:12,400 Speaker 1: And the thing is, Kate's predicament isn't unique.
30 00:02:13,240 --> 00:02:16,000 Speaker 2: I reckon it's the tip of the iceberg. Well, 31 00:02:16,040 --> 00:02:21,680 Speaker 2: I think it's happened to thousands.
32 00:02:22,960 --> 00:02:26,320 Speaker 3: The picture that's emerging is that hackers have been able 33 00:02:26,360 --> 00:02:29,280 Speaker 3: to obtain the personal details of a whole lot of 34 00:02:29,280 --> 00:02:33,280 Speaker 3: Australian taxpayers and their tax file numbers and basically use 35 00:02:33,320 --> 00:02:37,959 Speaker 3: that data to find their way into the MyGov system 36 00:02:38,240 --> 00:02:41,040 Speaker 3: and then they'll submit these fraudulent tax returns.
37 00:02:41,960 --> 00:02:44,680 Speaker 1: Paul Garvey is a senior reporter with The Australian.
38 00:02:45,480 --> 00:02:47,560 Speaker 3: It seems as though about eight thousand dollars is the 39 00:02:47,560 --> 00:02:50,400 Speaker 3: magic number that these hackers go after, and that it's 40 00:02:50,480 --> 00:02:52,520 Speaker 3: large enough to make it worth their while, but not 41 00:02:52,680 --> 00:02:55,720 Speaker 3: so large that triggers the automatic red flags within the 42 00:02:55,760 --> 00:02:59,600 Speaker 3: ATO's own system. The other scary thing here is that 43 00:02:59,800 --> 00:03:03,400 Speaker 3: the hacks, by and large seem to be found almost 44 00:03:03,400 --> 00:03:07,320 Speaker 3: by accident, when individuals or their accountants go to lodge 45 00:03:07,360 --> 00:03:10,680 Speaker 3: that year's tax return and find, hang on, this tax 46 00:03:10,680 --> 00:03:13,800 Speaker 3: return's already been lodged. So that's when the alarm bells ring. 47 00:03:13,840 --> 00:03:17,160 Speaker 3: And so it's really quite concerning that these things are 48 00:03:17,200 --> 00:03:20,959 Speaker 3: happening at this sort of scale and seemingly off the radar.
49 00:03:22,760 --> 00:03:27,880 Speaker 1: The ATO uses multi factor authentication to protect users' online accounts. 50 00:03:28,240 --> 00:03:30,880 Speaker 1: That's where you plug in a unique code received via 51 00:03:30,960 --> 00:03:34,520 Speaker 1: email or text message before you can log in, and 52 00:03:34,840 --> 00:03:37,600 Speaker 1: voice prints to help identify us. When we pick up 53 00:03:37,600 --> 00:03:39,800 Speaker 1: the phone and call.
54 00:03:39,760 --> 00:03:44,320 Speaker 4: Thank you for calling the Australian Taxation Office Individual Info Line. We've 55 00:03:44,360 --> 00:03:48,680 Speaker 4: introduced a highly secure and faster way to access your information.
56 00:03:49,040 --> 00:03:52,360 Speaker 4: Your call will be recorded to improve our services and 57 00:03:52,480 --> 00:03:55,720 Speaker 4: to create your unique voice print, which may be used 58 00:03:55,720 --> 00:03:57,320 Speaker 4: to verify your identity.
59 00:03:58,280 --> 00:04:02,040 Speaker 1: But the multi factor authentication wasn't triggered when Kate's account 60 00:04:02,080 --> 00:04:05,680 Speaker 1: was compromised, and nobody seems to know how the hackers 61 00:04:05,760 --> 00:04:06,960 Speaker 1: are getting around it.
62 00:04:07,720 --> 00:04:10,640 Speaker 3: These are the processes that they're annoying when we have 63 00:04:10,680 --> 00:04:12,240 Speaker 3: to go through them in our day to day lives, 64 00:04:12,240 --> 00:04:14,120 Speaker 3: but they're there for a very good reason, and that 65 00:04:14,200 --> 00:04:16,359 Speaker 3: is to prevent this sort of thing happening. And it 66 00:04:16,400 --> 00:04:19,359 Speaker 3: seems as though that system, for whatever reason, is just 67 00:04:19,440 --> 00:04:23,680 Speaker 3: breaking down inside the ATO's processes here, that those two 68 00:04:23,680 --> 00:04:27,280 Speaker 3: factor authentications aren't triggering at the right times, aren't triggering 69 00:04:27,279 --> 00:04:29,400 Speaker 3: for the right sort of matters, and really open the 70 00:04:29,440 --> 00:04:31,920 Speaker 3: door of these kind of incidents. And it's something that's 71 00:04:31,920 --> 00:04:37,120 Speaker 3: been identified previously in investigations into the ATO's online security systems. 72 00:04:37,600 --> 00:04:40,640 Speaker 3: And if these cases of Kate and other people I've 73 00:04:40,680 --> 00:04:44,000 Speaker 3: spoken to and other accounts that I've read are accurate, then 74 00:04:44,400 --> 00:04:46,839 Speaker 3: there seems to be a lingering issue in the way 75 00:04:46,880 --> 00:04:47,760 Speaker 3: these things are managed.
76 00:04:48,720 --> 00:04:51,279 Speaker 1: And so, Paul, what's the ATO doing to recover that 77 00:04:51,360 --> 00:04:53,919 Speaker 1: money that's been fraudulently paid out to the hackers.
78 00:04:54,520 --> 00:04:57,159 Speaker 3: It would be great to get some more information from 79 00:04:57,160 --> 00:05:00,080 Speaker 3: the ATO on this, because it would seem to me 80 00:05:00,160 --> 00:05:04,080 Speaker 3: from the outside like it should be quite straightforward, right. 81 00:05:04,120 --> 00:05:08,000 Speaker 3: This money's being sent to a bank account, and we 82 00:05:08,160 --> 00:05:11,360 Speaker 3: have all these sorts of know your customer laws in Australia, 83 00:05:11,440 --> 00:05:14,440 Speaker 3: all these money laundering laws in Australia where banks are 84 00:05:14,480 --> 00:05:17,160 Speaker 3: supposed to be able to know just who is actually 85 00:05:17,160 --> 00:05:21,760 Speaker 3: holding these bank accounts. Yet there's been no clear explanation 86 00:05:21,880 --> 00:05:27,000 Speaker 3: to me that those requirements are actually being effective here 87 00:05:27,080 --> 00:05:30,400 Speaker 3: identifying who is actually receiving this money and are they 88 00:05:30,440 --> 00:05:32,599 Speaker 3: getting it back from them. It's a big issue for 89 00:05:32,640 --> 00:05:34,680 Speaker 3: the ATO clawing this back and we would love to 90 00:05:34,680 --> 00:05:37,440 Speaker 3: know how successful they're being and if they're not being successful, 91 00:05:37,800 --> 00:05:40,120 Speaker 3: what needs to change to get that money back because 92 00:05:40,360 --> 00:05:42,800 Speaker 3: it belongs to all of us. It's taxpayer money 93 00:05:42,800 --> 00:05:44,640 Speaker 3: at the end of the day, and we need to 94 00:05:44,640 --> 00:05:45,679 Speaker 3: get these monies back.
95 00:05:49,080 --> 00:05:52,200 Speaker 1: Over a series of phone calls, Kate Quinn, who works 96 00:05:52,200 --> 00:05:54,880 Speaker 1: in the not for profit sector, was told she could 97 00:05:54,920 --> 00:05:57,920 Speaker 1: face a long wait to see the situation resolved.
98 00:05:58,760 --> 00:06:01,880 Speaker 2: I was told would be waiting up to a year 99 00:06:03,040 --> 00:06:06,600 Speaker 2: while they investigate. And I said, no, this is not right. 100 00:06:06,720 --> 00:06:10,560 Speaker 2: I pay my taxes, this is my money. And I said, 101 00:06:10,600 --> 00:06:14,400 Speaker 2: I don't see why you can't honor this, and they said, yeah, 102 00:06:14,440 --> 00:06:17,039 Speaker 2: it doesn't work like that. You'll be waiting quite a 103 00:06:17,080 --> 00:06:21,120 Speaker 2: long time. She kept on them, so I gave it 104 00:06:21,200 --> 00:06:25,400 Speaker 2: a few months and I called back just to annoy them, 105 00:06:25,440 --> 00:06:29,599 Speaker 2: and they all said it's under investigation for yours and 106 00:06:29,680 --> 00:06:30,839 Speaker 2: a ton of others.
107 00:06:32,200 --> 00:06:36,360 Speaker 1: Kate did eventually receive her tax refund, but not everyone 108 00:06:36,360 --> 00:06:38,480 Speaker 1: who was hacked has seen the same outcome.
109 00:06:39,160 --> 00:06:42,520 Speaker 3: Looking at the ATO's own community page where people can 110 00:06:42,560 --> 00:06:45,719 Speaker 3: go up there and post questions for the ATO, you 111 00:06:45,760 --> 00:06:48,440 Speaker 3: can see there's multiple people all saying the same sort 112 00:06:48,480 --> 00:06:50,360 Speaker 3: of thing, and you can imagine the panic as well 113 00:06:50,400 --> 00:06:53,520 Speaker 3: for individuals when they find this out right, because a 114 00:06:53,560 --> 00:06:57,640 Speaker 3: lot of people are terrified that they will be obliged 115 00:06:57,680 --> 00:07:01,839 Speaker 3: to pay back that fraudulent return themselves.
There's the uncertainty 116 00:07:01,839 --> 00:07:04,400 Speaker 3: that comes with that. And also for a lot of people, 117 00:07:04,600 --> 00:07:09,000 Speaker 3: that tax return money can be a really important piece 118 00:07:09,040 --> 00:07:12,720 Speaker 3: of financial relief. Right, these are tough financial times, cost 119 00:07:12,720 --> 00:07:15,640 Speaker 3: of living crisis. That couple of grand in your pocket 120 00:07:15,760 --> 00:07:17,400 Speaker 3: on the back of a tax return can be the 121 00:07:17,480 --> 00:07:20,280 Speaker 3: thing that really keeps a lot of families afloat. And 122 00:07:20,320 --> 00:07:23,680 Speaker 3: so if there's fraud hanging over that account, can they 123 00:07:23,680 --> 00:07:26,200 Speaker 3: actually go ahead and claim their legitimate entitlement. So it's 124 00:07:26,200 --> 00:07:28,280 Speaker 3: a scary process and it's not a quick process to 125 00:07:28,320 --> 00:07:31,160 Speaker 3: resolve either, So that's a lot of sleepless nights for 126 00:07:31,200 --> 00:07:33,240 Speaker 3: a lot of people when wanted to get this resolved.
127 00:07:34,120 --> 00:07:35,800 Speaker 1: So how many people are we talking here?
128 00:07:36,120 --> 00:07:38,240 Speaker 3: I did ask them that direct question, and the response 129 00:07:38,280 --> 00:07:40,800 Speaker 3: that came back with didn't address that. I can see 130 00:07:41,000 --> 00:07:45,800 Speaker 3: through other reports that there's certainly many instances, at least dozens. 131 00:07:46,040 --> 00:07:49,160 Speaker 3: But interestingly, talking to people like Kate who have been 132 00:07:49,200 --> 00:07:52,120 Speaker 3: through this process, when they're talking over the phone to 133 00:07:52,280 --> 00:07:57,120 Speaker 3: ATO people, they can start to gauge from the conversations 134 00:07:57,120 --> 00:07:59,880 Speaker 3: to how big an issue this is.
And Kate's come 135 00:08:00,040 --> 00:08:03,080 Speaker 3: away convinced that this is a matter for thousands 136 00:08:03,120 --> 00:08:05,640 Speaker 3: of people. And when you think of the sheer number 137 00:08:05,760 --> 00:08:09,200 Speaker 3: of taxpayers, you only need a tiny sliver of them 138 00:08:09,280 --> 00:08:13,120 Speaker 3: to be compromised to get some pretty chunky numbers pretty fast. 139 00:08:13,520 --> 00:08:16,720 Speaker 3: And in some cases the hackers are actually putting in 140 00:08:17,280 --> 00:08:20,880 Speaker 3: not just the most recent year's refund but also prior 141 00:08:21,000 --> 00:08:23,360 Speaker 3: years as well, So going back a second and a 142 00:08:23,440 --> 00:08:26,440 Speaker 3: third time to make more and more claims, you're talking 143 00:08:26,440 --> 00:08:30,240 Speaker 3: about twenty thousand dollars plus for each of these individuals 144 00:08:30,760 --> 00:08:34,000 Speaker 3: and that's money that I guess belongs to each and 145 00:08:34,040 --> 00:08:35,840 Speaker 3: every one of us, right it's paid out by the 146 00:08:35,880 --> 00:08:38,880 Speaker 3: Tax Office incorrectly. We're all on the hook for that 147 00:08:38,920 --> 00:08:41,280 Speaker 3: at the end of the day. So it really is 148 00:08:41,480 --> 00:08:45,280 Speaker 3: a problem that really everyone should be concerned about.
149 00:08:48,280 --> 00:08:51,560 Speaker 1: Coming up. Why this storm's been brewing for a while. 150 00:09:08,120 --> 00:09:10,960 Speaker 1: When Kate Quinn flicked on the TV about a month ago, 151 00:09:11,160 --> 00:09:14,520 Speaker 1: she caught the end of a news bulletin about a major hack.
152 00:09:14,360 --> 00:09:17,520 Speaker 2: And I thought, Ah, this is it. I knew 153 00:09:17,520 --> 00:09:21,240 Speaker 2: this would happen, but it was people's super being hacked into.
154 00:09:24,240 --> 00:09:28,960 Speaker 5: Several Australian superannuation funds have been targeted by cyber criminals.
155 00:09:29,400 --> 00:09:33,920 Speaker 5: It's caused panic and frustration for thousands of members who've 156 00:09:33,960 --> 00:09:38,040 Speaker 5: been unable to check whether their nest egg has been impacted.
157 00:09:38,920 --> 00:09:41,400 Speaker 1: The question now is how has a hack of the 158 00:09:41,440 --> 00:09:44,920 Speaker 1: Australian Tax Office managed to fly under the radar for 159 00:09:45,000 --> 00:09:49,000 Speaker 1: so long. Here's Paul Garvey diving into this.
160 00:09:49,040 --> 00:09:53,440 Speaker 3: I can see that this has been a brewing issue 161 00:09:53,480 --> 00:09:56,920 Speaker 3: for the ATO for a long time now, well over 162 00:09:56,960 --> 00:10:01,160 Speaker 3: a decade that there's been that these weaknesses have emerged. 163 00:10:01,200 --> 00:10:05,600 Speaker 3: So as taxes become more and more in the online sphere, 164 00:10:05,840 --> 00:10:08,400 Speaker 3: moving away from those old paper tax returns, if you're 165 00:10:08,480 --> 00:10:10,720 Speaker 3: old enough to remember what they were like. Each step 166 00:10:10,760 --> 00:10:14,560 Speaker 3: of the way, there's been I guess, holes in the system, 167 00:10:14,720 --> 00:10:17,319 Speaker 3: holes in the Swiss Cheese that have allowed these sort 168 00:10:17,360 --> 00:10:20,360 Speaker 3: of things to happen at varying scale along the way. 169 00:10:21,040 --> 00:10:24,880 Speaker 3: It's almost become perhaps part of the furniture of tax 170 00:10:24,920 --> 00:10:28,600 Speaker 3: in Australia. The other thing is a lot of hacking 171 00:10:28,640 --> 00:10:32,280 Speaker 3: incidents we hear about. There'll be the little old lady 172 00:10:32,320 --> 00:10:35,440 Speaker 3: who's had a bank account cleaned out, the retiree who's 173 00:10:35,440 --> 00:10:40,120 Speaker 3: watched their super fund disappear.
These direct hip pocket hits, 174 00:10:40,440 --> 00:10:46,079 Speaker 3: brutally cruel attacks on individuals that cripples them immediately and tangibly. 175 00:10:46,720 --> 00:10:49,400 Speaker 3: Whereas this, we're talking about tax returns that people 176 00:10:49,800 --> 00:10:52,080 Speaker 3: may have even forgotten to lodge themselves, didn't even know 177 00:10:52,120 --> 00:10:54,880 Speaker 3: where they're or that they had lodged previously, and which 178 00:10:54,880 --> 00:10:58,400 Speaker 3: have since been amended. The victim as such isn't being 179 00:10:58,440 --> 00:11:02,240 Speaker 3: the one fleeced here directly, so it doesn't have that 180 00:11:02,320 --> 00:11:06,320 Speaker 3: same kind of bite in that sense if you follow 181 00:11:06,360 --> 00:11:09,480 Speaker 3: what I'm saying, and look, you could also probably draw 182 00:11:09,520 --> 00:11:12,400 Speaker 3: a line to think that maybe there's an element of 183 00:11:12,400 --> 00:11:15,520 Speaker 3: self preservation here from the ATO. I mean, it looks like, 184 00:11:15,800 --> 00:11:19,360 Speaker 3: talking to people like Kate and to accountants out there, 185 00:11:19,960 --> 00:11:22,839 Speaker 3: that the ATO probably hasn't covered itself in glory in 186 00:11:23,400 --> 00:11:26,600 Speaker 3: ensuring that its systems are as robust as we might 187 00:11:26,720 --> 00:11:30,360 Speaker 3: expect from an agency as well respected and well resourced 188 00:11:30,360 --> 00:11:33,680 Speaker 3: as the ATO. They might not be exactly ecstatic to 189 00:11:33,720 --> 00:11:36,760 Speaker 3: be putting up in lights that some shortcomings in the 190 00:11:36,840 --> 00:11:41,079 Speaker 3: system may have at best contributed to these outcomes here. 191 00:11:41,280 --> 00:11:44,440 Speaker 3: So there's a few reasons I think why it hasn't 192 00:11:44,440 --> 00:11:47,000 Speaker 3: necessarily blown up as large as it perhaps deserves to be.
193 00:11:49,520 --> 00:11:52,400 Speaker 1: Labor of course, went to the election promising instant tax 194 00:11:52,440 --> 00:11:55,640 Speaker 1: refunds of up to one thousand dollars for eligible Australians. 195 00:11:55,880 --> 00:11:58,000 Speaker 1: That's not due to come into effect until the middle 196 00:11:58,040 --> 00:12:00,320 Speaker 1: of twenty twenty seven, at the end of the twenty 197 00:12:00,360 --> 00:12:03,800 Speaker 1: six twenty seven financial year. But does a breach of 198 00:12:03,840 --> 00:12:06,600 Speaker 1: this magnitude have implications for that plan?
199 00:12:07,360 --> 00:12:11,160 Speaker 3: It most definitely should, because one thing that we've seen 200 00:12:11,280 --> 00:12:16,920 Speaker 3: consistently over the years is that for every step taken 201 00:12:17,720 --> 00:12:21,839 Speaker 3: in terms of security or in every initiative taken by 202 00:12:22,080 --> 00:12:24,439 Speaker 3: a state or federal government in trying to provide some 203 00:12:24,480 --> 00:12:27,199 Speaker 3: form of tax relief, there are a whole bunch 204 00:12:27,200 --> 00:12:29,920 Speaker 3: of hackers who are pouncing on that and trying to 205 00:12:29,960 --> 00:12:34,680 Speaker 3: stay a few steps ahead of where regulators lawmakers are 206 00:12:34,679 --> 00:12:36,760 Speaker 3: in dealing with this sort of thing. So I would 207 00:12:36,760 --> 00:12:41,920 Speaker 3: have thought that this very clearly should remind the federal 208 00:12:41,960 --> 00:12:45,520 Speaker 3: government of what can happen, of the needs for these 209 00:12:45,520 --> 00:12:49,560 Speaker 3: sorts of precautions, and to be constantly thinking where are 210 00:12:49,559 --> 00:12:53,959 Speaker 3: the vulnerabilities, how to prevent this from being illegally exploited. 211 00:12:54,640 --> 00:12:56,320 Speaker 3: Like we've said, this has been going on in some 212 00:12:56,360 --> 00:12:58,640 Speaker 3: shape or form for many years now.
That's certainly not 213 00:12:58,679 --> 00:13:01,400 Speaker 3: a problem that's specific to one side of government over another, 214 00:13:01,520 --> 00:13:05,160 Speaker 3: but it most certainly will undermine that public confidence that 215 00:13:05,200 --> 00:13:08,080 Speaker 3: we have in this. So that's certainly something for the 216 00:13:08,120 --> 00:13:11,960 Speaker 3: ATO itself and also for lawmakers to firmly keep in mind.
217 00:13:16,600 --> 00:13:21,640 Speaker 1: Paul Garvey is a senior reporter with The Australian. The 218 00:13:21,679 --> 00:13:25,559 Speaker 1: Australian Tax Office told Paul its systems are secure, resilient 219 00:13:25,679 --> 00:13:28,840 Speaker 1: and have not been compromised. You can read his report 220 00:13:28,960 --> 00:13:31,320 Speaker 1: right now at The Australian dot com dot au