This thread is archived and the information may not be up-to-date. You can't reply to this thread.
softwaredevelop (Initiate)
6 July 2024

With so many data breaches happening in recent years, our private information is now in the hands of criminals.


It is my understanding that ATO enables the linking of multiple myGov accounts so long as the account provides 100 point identification.


In theory and in practice, a criminal that has stolen a victim's identity can create a myGov account, and link to ATO, amend/change tax information and even drain super. I've seen reports of this happening to people, without even receiving a notification or alert that a new account has been linked, amendments have been made to their tax return, or their super has been rolled over to an SMSF to be drained.


This is very worrisome.


ATO should have provisions to enable restriction of linking to multiple accounts, notifications and alerts, etc. so that people can be proactive in case of a breach.

285 views
3 replies

Most helpful reply

RileyATO (Community Moderator)
7 July 2024

Hi @softwaredevelop,


Please be assured we do take online security very seriously.


One way you can prevent fraudulent access to your ATO online account is by signing into myGov using a digital ID like myGovID. When you do, this sets your Online access strength. This means other methods of signing into myGov won’t allow you or fraudsters to access your ATO online account.


For example, if you have a myGovID with a ‘Strong’ identity strength, you cannot access or link to your ATO online account by signing in using SMS or the myGov code generator app. Instead, you must sign in using your ‘Strong’ myGovID.


We have more cyber security tips available on our website.


If you believe you’ve identified a system security vulnerability, you can report it to us.

softwaredevelop (Initiate)
8 July 2024

But that doesn't address the issue of someone being able to set up another myGov account and linking to ATO using a 100 points identity which they could easily do from a breach and/or through forgery. This is a real issue that has been exploited due to the wave of security breaches.

Restrict access to ATO account to prevent fraud | ATO Community