Family have identity stolen after MyGov ‘hacking’
A couple are living in fear after hackers stole their personal information from an app almost all Australians use.
A family have revealed how they almost lost it all after hackers stole their identity from an app designed to make Australian's lives easier.
Adelaide couple Sarah and Aaron told A Current Affair they have been living in fear after Sarah’s MyGov account was hacked last year.
Sarah was alerted to the nefarious scheme after she was notified of being locked out of her account, and immediately contacted Centrelink.
Tragically, the damage had already been done, with hackers changing Sarah’s details, including bank number, email, and phone number.
“They‘ve been able to rack up quite a bill which now we have to pay that back,” the couple told A Current Affair.
“They‘ve also made victims of flood claims, single parenting payments.
“Changes that our kids have lived outside of Australia too, which neither of us or the kids ever have.”
The changes meant that the family missed out on vital Centrelink payments following the hack.
Old tax returns were also amended in a bid to get money, with the hackers also trying to take Sarah’s superannuation.
Amid the fallout, the family told A Current Affair they’d been forced to repay tens of thousands stolen from the government by the hackers.
While Centrelink has since stopped making the couple repay the debts and refunded the money already paid, the impact was still being felt.
Arron said that after the eight-month ordeal many of the family’s accounts were still frozen.
Ordinary functions usually done on the MyGov app now require the couple to make a lengthy phone call.
Tragically, the couple are not alone as people across the country are similarly swindled by hackers using the MyGov app.
In May, Melbourne mum Sharon revealed she had been harassed for years after hackers broke into the common app.
Kathla, a victim of last year’s Medibank hack, also raised alarm bells after she started receiving worrying messages from MyGov.
The Sydney Buyers Agent told A Current Affair she then received an email from the MyGov stating she had re-registered for GST and an ABN.
“My accountant and I went through my ATO profile and found that my bank details had been changed to the hacker‘s bank details,” she said.
“My mailing address had been changed to the hacker’s mailing address.”
“I thought I had protected myself but somewhere along the line they have got enough information to hack me.
“The only hack I am aware of is the Medibank hacking.”
Kathla said she eventually realised that it was her ATO account that had been targeted.
Like many before her, the damage had already been done by that stage.
“I feel like I‘m pissing in the wind,” Kahla said.
“I don‘t feel like my voice is being heard. I feel like I have a significant problem.
“It’s like leaving the key in the front door and waiting for someone to turn it and anyone can turn it at any time.”
ID Care managing director David Lacey said scammers target people during tax time when they are likely accessing the MyGov service.
“Since June, we‘ve had a tenfold increase in people coming to us who have experienced impersonation of the tax office or myGov,” he said.
“There‘s also a very hefty cohort in the community who have no idea how the criminals got their data.
“They’re having to work out ‘what else is going on with my name that I don’t know about right now’, so they’re playing the detective.”
Kahla, Sarah, and Aaron said the government needs to better protect data, and also have a better system in place for those people impacted.
In a statement to Nine, Services Australia general manager Hank Jongen said the agency had robust protections in place.
“MyGov remains secure and has not been compromised,” he said.
“It‘s an unfortunate reality that opportunistic scammers steal identity information to carry out fraudulent activities.
“While we can‘t comment on individual cases for privacy reasons, we’ve reached out to these customers to provide support.
“Services Australia doesn‘t hold customers liable for any payments that are as a result of fraudulent activity by a malicious third party.”