X
Government

CD with 3,000 taxpayer details goes missing

A compact disc containing taxation details of 3,122 Australian taxpayers has gone missing whilst en route to the Australian Taxation Office from its printers.
Written by Liam Tung, Contributing Writer

A compact disc containing taxation details of 3,122 Australian taxpayers has gone missing whilst en route to the Australian Taxation Office from its printers.

cdburn

(Credit: ZDNet.com.au)

The CD contained the tax file numbers of 3,122 self-managed super funds which the ATO sent to its printers as part of a batch of letters to be sent to the tax payers. On completion of the printing, the CD was to be sent back to the ATO, but did not arrive.

The disc had been handed to an authorised "door to door" courier, a spokesperson told ZDNet.com.au, but went missing during transit.

"I am concerned that this parcel containing taxpayer information has failed to be delivered," Tax commissioner Michael D'Ascenzo said in a statement.

He said the courier company believed the parcel was still within its warehouse.

"While there is no evidence the information has fallen into the wrong hands or been misused, I am taking the matter seriously," said D'Ascenzo, adding that he was concerned the information could be misused.

The ATO had sent letters to the affected taxpayers urging them to take up its offer of new tax file numbers in order to protect their super fund information.

"We are providing the relevant trustees the opportunity to ensure that there is no unauthorised use of their funds' relevant tax records," he said.

Lost-disc-phobia

The incident is reminiscent of the HMRC data breach in the UK when in 2007 two lost CD's exposed the personal records of at least 25 million UK citizens.

In the hope of preventing a similar security breach at the ATO, earlier this year it had contracted consultancy PriceWaterhouseCoopers to conduct a security review of its information handling practices.

ATO chief information officer Bill Gibson told ZDNet.com.au at the time that it had already had its own scare concerning a lost CD, however, Gibson said it had later been located within the ATO's offices.

One of the more serious flaws found in the ATO's information handling practices were that the staff had handed sensitive information to contractors without first gaining assurances that the information would be adequately protected whilst in their care.

To prevent misuse of that information Gibson said that the ATO had introduced USB drives — to be used instead of CDs — that required a person's thumbprint to access information contained on the device.

"If there is a need for us to physically take information to another entity, we will only do so on one of these USB keys. The key can be unlocked through the use of finger or thumbprint — otherwise it's rendered unusable," he said at the time.

Editorial standards