ATO reassures public about web security flaw

Private tax records potentially viewable by third parties

The Australian Taxation Office (ATO) has reassured Australians that it has fixed an issue which meant private tax records could potentially be accessed by third parties.

Fairfax first reported the vulnerability, which involved a web cookie that did not expire.

That meant the next user who logged into myGov from the same device and clicked on a link to ato.gov.au saw the previous user's records.

IT professional JP Liew contacted Fairfax about the vulnerability.

“Further to recent media coverage, we’d like to reassure the community that we have resolved the issue relating to our online services that was uncovered earlier in the week,” an ATO spokesperson said.

“We appreciate the community alerting us when issues arise. We investigate all reports and take appropriate action to keep our systems safe and efficient.”

The spokesperson said staff have implemented a fix to ensure that the circumstances outlined by Liew do not allow the issue to reoccur.

“We continue to investigate to ensure no other errors are occurring. We’d like to remind clients that they should always logout, sign out or return to myGov when leaving any secure pages,” the spokesperson said.

Australians who have concerns with the agency's online systems should ring 13 28 61 and select option 5, the spokesperson said.

An Office of the Australian Information Commissioner (OAIC) spokesperson said it is “aware of media reports” about a potential vulnerability on the myGov website.

“We are currently considering this issue, in line with the processes set out in our Privacy Regulatory Action policy.”
