Australia boosts myGov cybersecurity measures

Share

Australia is taking significant steps to bolster the cybersecurity measures of its myGov platform. A recent investigation by the Commonwealth Ombudsman revealed that Services Australia needs to do more to shield Australians from myGov fraud.

The investigation report highlighted the lack of adequate security controls to thwart fraudulent activities, such as unauthorised linking of legitimate myGov accounts to fake accounts created by scammers. Currently, the only preventive measures against these attacks are the proof of record ownership processes implemented by individual myGov member service agencies.

Ombudsman Iain Anderson emphasised that “APS agencies responsible for administering a system or program that involves other agencies, like myGov, should understand the levels of risk across the system and ensure risks that could impact other participants are managed effectively, including through identifying and managing shared risks”.

The report also found a lack of additional security controls to ensure high-risk transactions, such as changing bank account details, are authorised by genuine customers. In response, the report proposed four recommendations and two suggestions for Services Australia to enhance security controls for linking and high-risk transactions.

These recommendations aim to improve how Services Australia and member services manage shared risks within the myGov ecosystem and Services Australia’s approach to responding to customer reports of fraud and breaches to individual records. Anderson stressed the importance of robust protections to prevent fraudsters from gaining unauthorised access to myGov accounts, given the volume and sensitivity of information held in member service accounts linked to myGov.

Reports from citizens about the stress and anxiety they experienced when their personal information was stolen and fraud committed in their name underscore the urgency of these measures.

By addressing these issues, Australia seeks to bolster the security of the myGov platform, safeguarding users against fraud and ensuring the integrity of sensitive personal data.