Australian Tax Office Fights 3M Hack Attempts a Month


The assumption that the Australian government and businesses are well placed to tackle cybercrime has been shattered. The Australian Tax Office (ATO) has reported 3 million hacking attempts a month from malicious actors online. Second commissioner Jeremy Hirschhorn has cautioned superannuation funds and accountants to be extra vigilant, as the extensive consumer data they hold makes them attractive targets for such actors.

He further put company directors on notice about the possibility of their identities being stolen. These hacking attempts came on the heels of the theft of around 9.8 million personal records from the telecom company Optus. It appears Australian entities are vulnerable to cyber attacks because they lack stringent cybersecurity measures, such as a PCI DSS assessment (Self-Assessment Questionnaire, Attestation of Compliance and Report on Compliance), among others.

Why Is ATO the Prime Target of Cybercriminals?

All this has prompted concerned customers to call the Commonwealth Bank in greater numbers, around 5000 a day. According to Hirschhorn, the hacking attempts at the ATO and the Optus data breach have dispelled any sense of complacency among Australian entities. Moreover, the attack surface available to cybercriminals has expanded because personal and commercially sensitive data is shared across banks, tax agents, super funds, and the ATO. The ATO has become a target of hacking attempts because of the vast volume of data it holds.

That data covers around 14 million income tax returns per year, 4.3 million small businesses, 40,000 multinationals, and 201,000 privately owned Australian groups. According to cybersecurity specialists Trellix, Australian businesses face a high number of data breach incidents, 55 alerts daily, which is reportedly the highest in the Asia Pacific region. Australian businesses have also reported losing up to 10% of their revenue to such incidents over the last year.

The Alarming Rise in Cybersecurity Incidents

These incidents have highlighted the critical role of cybersecurity measures that businesses and government agencies must strictly adhere to. The ATO is mulling over ways to give individuals a data package, which can then be shared with their representatives. ATO hopes that such a measure could address some of its cybersecurity challenges. Most respondents, alarmed at the cybersecurity breaches to which Australia has been subjected, have pinned their hopes on the federal budget. According to them, the budget should provide better support for businesses to improve digital capability and Australia’s prosperity.

It is high time Australian businesses woke up from their slumber and implemented strict cybersecurity measures, either using in-house resources or hiring the services of a QSA service provider like Cybernetic Global Intelligence. They should pay heed to the growing restlessness and concern among Australian citizens regarding the security of their data. So, what needs to be done? How can they assure Australian citizens that their systems, processes, and databases are secure? By implementing stringent cybersecurity protocols, complying with regulatory standards, and following best practices. Let us look at how a PCI DSS SAQ, AOC or ROC assessment can help.

What Is PCI DSS Compliance and Why Is it Needed?

PCI compliance protects eCommerce businesses and those using EFTPOS machines from liability in the event of a data breach. It also lets them avoid fines or penalties for failing to adequately protect their customers' credit card information. The Payment Card Industry Data Security Standard (PCI DSS), set up by MasterCard, Visa, JCB International, Discover Financial Services, and American Express, is a set of security standards for protecting sensitive authentication data and cardholder data wherever it is stored, processed, or transmitted.

The system components included here are network devices, applications, computing devices, and servers. Businesses should rope in professional cybersecurity experts from PCI DSS QSA compliance assessment consulting services such as Cybernetic Global Intelligence to ensure compliance and eliminate data breaches.

What Are the Requirements for PCI DSS?

According to PCI DSS version 3.2.1, the requirements for businesses to comply with the standard are as follows:

  • Building and maintaining a secure network and systems using firewalls, anti-virus and anti-spyware solutions, and intrusion detection and prevention systems.
  • Protecting cardholder data by identifying where credit card data is stored, transmitted, and retrieved.
  • Maintaining a vulnerability management programme.
  • Implementing strong access control measures.
  • Regularly monitoring and testing networks.
  • Maintaining an information security policy.

Cybersecurity concerns are real, and businesses should recognise the gravity of the situation and ringfence their IT assets and networks. Businesses in Australia, New Zealand, and the Asia Pacific region may hire the services of a PCI qualified security assessor like Cybernetic Global Intelligence by calling 1300 292 376 or sending an email to
