In an age where our personal information is as valuable as currency, it's alarming to learn that Services Australia has become a prime target for scammers.

Reports revealed a staggering surge in data breaches, with scammers using stolen details to hack into customer accounts.

This revelation is a stark reminder of the importance of safeguarding our personal information.

The data, which was obtained under freedom of information by a user on the transparency website Right to Know, showed that as of 5 July, Services Australia had reported 49 data breaches due to social engineering in 2024 alone.

This figure is a shocking 440 per cent increase from the nine reports in 2023 and a significant jump from the single report recorded in each of the previous three years.

Reports have revealed that there has been a surge in data breaches in Services Australia. Credit: Unsplash

Social engineering is a sophisticated form of deception where scammers impersonate individuals to gain unauthorised access to personal information.

It's a tactic that preys on human psychology rather than technological vulnerabilities, making it particularly insidious and difficult to combat.

Services Australia's general manager, Hank Jongen, has acknowledged the rise in data breaches, attributing it to the use of personal information stolen from third-party data breaches both in Australia and internationally.

‘The vast majority are the result of customer information becoming compromised through previous third-party data breaches occurring in Australia and overseas, as well as from small- and large-scale identity theft or phishing scams and from mail theft,’ Jongen said.

‘The increase in notifiable data breaches in recent years across industry and government reflects the growing trend of scammers impersonating organisations and targeting individuals to steal sign-in credentials and other personal information.’

The consequences of these breaches are not trivial. In the 2023-24 financial year, around 14,000 users were notified that their personal information on some websites—such as Medibank and Medisecure—might have been accessed by unauthorised individuals.

Cyber-threat intelligence analyst Jeremy Kirk from Intel 471 has pointed out that data breaches provide a continuous supply of fresh identity information for criminals.

‘Every organisation that runs online customer-facing systems faces challenges ensuring that only an authorised account holder is actually the one accessing the account,’ he said.

‘These info-stealers scrape all kinds of data from web browsers, from credentials to cookies to credit card and personal data. These data packages are sold in underground cybercriminal forums and on chat services such as Telegram.’

Kirk mentioned that cybercriminals are bypassing defences like two-factor authentication by using phishing tactics, often through email or text messages, to deceive individuals into sharing their security codes.

‘Then they immediately login into an account. There’s other security telemetry that service providers can use to try to detect unauthorised logins, but it can be very difficult to stop,’ he added.

The Australian Information Commissioner (OAIC) reported that most data breaches in the first half of 2024 by government entities were through social engineering or impersonation.

‘It is essential that government agencies, especially those with service delivery functions, model best practice and build community trust in their ability to protect the security of personal information they hold,’ the OAIC said.

For those concerned about the security of their accounts, Jongen advised checking for unrecognised activity and ensuring personal details are correct. Services Australia has also set up a dedicated hotline (1800 941 126) for those who suspect their accounts may have been compromised.

Key Takeaways

• Services Australia has reported a significant rise in data breaches, primarily due to scammers using information from previous hacks to access customer accounts.
• In 2024, there was a more than 440 per cent increase in social engineering-related data breaches compared to the previous year.
• The majority of breaches were linked to customer information being compromised through external data breaches, identity theft, phishing scams, and mail theft.
• Services Australia encouraged individuals who suspect their account information has been compromised to check their accounts for unfamiliar activity and to contact their dedicated hotline for support.

Have you or someone you know been affected by a data breach? What measures do you take to safeguard your personal information? Share your experiences and tips in the comments below.

 

[Dennis]

Short time ago was reading in Adelaide,s Advertiser That a woman has lost 800,000 on a new home scan.

 

[summadale]

Are people aware that in your Centrelink and Medicare your banking details are there in full? I just checked my Centrelink app and it’s there why can’t they xx out like other companies do?

 

[LesleyJayne]

Several months ago, someone tried to access my mygov account, fortunately they were unsuccessful. Passwords need to be changed regularly, which is a real pain.

 

[Redone13]

Yes stole my identity, completed a tax return. Set up a bank account and applied for a 100,000,000 home loan. Changed my bank account details and phone number. So when I logged in the code generator gave them my details My account is locked and I have spent hours on the phone trying to deal with it all now I have to front an office and give 100 points of I D to prove who I am. Scammer gets away free. I also have a Samsung phone in my account that I can’t remove because I don’t own it belongs to scammer.

 

[freedy50]

Personally I've got everything monitored on my phone and computer all the time for dodgy stuff going on. All in the background. Any security that's on your phone or computer just leave it on all the time.

If people are going to believe incoming phone texts, like the following, and click on the links than that's their own fault. (I've put X's on some of the web address)

urgent: you have a tax refund waiting check your ATO account now: https://assessment-letter.xxxxxx

You have a message from ATO regarding your 2024 lodgment, visit Https://refund2024income.xxxxxxxxx to view.

Medicare:In response to abnormal activity on your Medicare account, service suspension has been implemented. More details: https://medicare.auwgvx.xxxxxxxxx

CentreIink: You have a new message that needs urgent attention, view at https://centrlink-allowance-paid.xxxxxxxx

 

[PepeLePew]

Someone tried to hack my MyGov account a while back but got stumped by my secret questions. They were questions that only I would ever know the answers to but I still took the time to change them as well as my password.

 

[Wizzard]

Hello everyone that reads this. About 25 years ago I had definite information from Microsoft and Windows that one thing any program search cannot get past is an "UNDERSCORE" typed between letters or numbers.
The information was that an underscore sits on top if the lines of electrons in computer language programs. Now some persons have not taken heed of this when I have told them. For your information all programmes that are created use the same "DATA LANGUAGE" .
When I originally set my e-mail up with an underscore, the amount of junk messages I received when away for up to 3 weeks working, was reduced from about 300 down to less than 50.
This underscore action I have had confirmed by some master programmers I have met while working in the mining industry.
So, I suggest you try it out with your email by setting up and using a new one which can be linked to your original.
Cheers from the Wizzard

 

[Wizzard]

Hi back again. I forgot to mention that the system used for creating any programme is called "VISUAL BASIC DATA LANGUAGE".
Cheers Wizzard

 

[rehandra]

I would not know. It is up to Services Australia to keep our information safe.

 

[rehandra]

Personally I've got everything monitored on my phone and computer all the time for dodgy stuff going on. All in the background. Any security that's on your phone or computer just leave it on all the time.

If people are going to believe incoming phone texts, like the following, and click on the links than that's their own fault. (I've put X's on some of the web address)

urgent: you have a tax refund waiting check your ATO account now: https://assessment-letter.xxxxxx

You have a message from ATO regarding your 2024 lodgment, visit Https://refund2024income.xxxxxxxxx to view.

Medicare:In response to abnormal activity on your Medicare account, service suspension has been implemented. More details: https://medicare.auwgvx.xxxxxxxxx

CentreIink: You have a new message that needs urgent attention, view at https://centrlink-allowance-paid.xxxxxxxx

I would NEVER click on any of the above you have listed. First thing I would do is ring the organisation direct myself and check out myself. Better to be safe than sorry.

 

[muzza78]

About july my pension didn't go in my bank and when l went to centre link they said it had been paid to my new account. I told them l don't have a new account and was told l changed the details on the my gov app. I explained to them that l have never used the my gov or the my gov I D apps that they put on my phone after my wife died in 2021 because l don't know what they are for. They issued me with a replacement payment and told me if they can't get the original payment back from the so called new account of mine l will have to pay them back myself.

 

[Lilibet]

Yes, that happened to me when I went to see Centrelink.
Someone got into my My Gov account changed my bank Acc so my pension went into it then took out a $980 loan against it, I have to go back every 3 months to get them to stop taking payments from my Centrelink payments or they charge me $60 every 2 weeks.
It's a REAL hassle.
They told me the Fraud squad are working on it !!
I thought Services Australia would have had measures in place to SAFEGUARD their customers!!!!

 

[Rickcb63]

I seriously hope everyone reads this thread carefully, as it claims that the information (data) was taken from a freedom of information site!
And the ones who should be careful in this case is clearly the government.
PS: freedom of information is not considered “hacking “!

 

[Rickcb63]

Yes, that happened to me when I went to see Centrelink.
Someone got into my My Gov account changed my bank Acc so my pension went into it then took out a $980 loan against it, I have to go back every 3 months to get them to stop taking payments from my Centrelink payments or they charge me $60 every 2 weeks.
It's a REAL hassle.
They told me the Fraud squad are working on it !!
I thought Services Australia would have had measures in place to SAFEGUARD their customers!!!!

They do have safeguards

 

[rehandra]

Yes, that happened to me when I went to see Centrelink.
Someone got into my My Gov account changed my bank Acc so my pension went into it then took out a $980 loan against it, I have to go back every 3 months to get them to stop taking payments from my Centrelink payments or they charge me $60 every 2 weeks.
It's a REAL hassle.
They told me the Fraud squad are working on it !!
I thought Services Australia would have had measures in place to SAFEGUARD their customers!!!!

That is shocking. I will keep an eye on my account to make sure my carers allowance goes in every fortnight.

 

[Rickcb63]

Are people aware that in your Centrelink and Medicare your banking details are there in full? I just checked my Centrelink app and it’s there why can’t they xx out like other companies do?

Remember that when your looking at it, it’s in your account, so you will see your own account!!

 

[Lilibet]

I would NEVER click on any of the above you have listed. First thing I would do is ring the organisation direct myself and check out myself. Better to be safe than sorry.

They do have safeguards

NOT VERY GOOD THEN !!!!

 

[Rickcb63]

NOT VERY GOOD THEN !!!!

Companies sell everyone’s details to other companies, it’s been happening for years, that is where the problem lies, money money money !

 

[Cheezil]

Yes stole my identity, completed a tax return. Set up a bank account and applied for a 100,000,000 home loan. Changed my bank account details and phone number. So when I logged in the code generator gave them my details My account is locked and I have spent hours on the phone trying to deal with it all now I have to front an office and give 100 points of I D to prove who I am. Scammer gets away free. I also have a Samsung phone in my account that I can’t remove because I don’t own it belongs to scammer.

Digital nightmare, i truly sympathise! Worse part is it wasn't your fault! Makes us wonder about how the hell we are meant to prevent things like this happening!
Hope you can get things sorted, but how the heck do you ever trust that this wont happen again?