With the federal government aggressively pushing everyone to sign up to the use of MYGOV, the following should be a sobering reminder of what can go wrong.
We had an interesting call from the ATO last night. They were querying why the income and expenditure on a client’s tax return did not correspond to their business activity statements. This is unusual as we normally perform a reconciliation of BAS to income tax return prior to lodgement.
Upon further investigation, we found that 2 Business Activity Statements had been amended, with the net result being that in theory the client would be entitled to almost $4 million in refunds. The alarm bells started to ring as any refund of such proportion would initiate a tax audit.
We immediately phoned the client and suggested he come to see us urgently. He had no knowledge of anyone revising Business Activity Statements. Two days earlier, he had received a text message from the ATO suggesting that there had been suspicious activity on his Mygov account. He was not aware of any activity and had chosen not to respond.
It now appears that his Mygov account has been hacked. At this stage we are unsure of whether this involved changing bank accounts for the perpetrator to collect refunds.
We advised him to contact the ATO immediately to advise of this breach, and we will follow up at this end. Interestingly, we also found that a tax return had been lodged for this client, but not by us. We had been unable to lodge his actual tax return because the system told us that one had already been lodged.
Whilst we can correct the activity statements at our end, we have no certainty that a hacker will not access the Mygov account again.
It is important to note that we do not have access to a client’s Mygov account and can only access information through the Tax Agents Portal. It was also interesting that the client had been removed from our list of clients on the Tax Portal, something that normally only happens if the client engages another accountant, which clearly is not the case.
The question therefore remains: “How secure is Mygov?” We all must be vigilant in protecting our confidential information.