Thursday, October 20, 2022

Jeremy Hirschhorn: ATO battling 3m hack attempts a month

Small business has shot to the top of the ATO’s hit list because it emerged from COVID responsible for the biggest tax gap and almost two-thirds of the $37 billion tax debt, a commissioner says.

Some small businesses were deliberately dodging tax in the shadow economy, Second Commissioner Jeremy Hirschhorn said, and the sector’s compliance had become a key focus for the ATO with digitisation – and tax agents – in the front line.

But Mr Hirschhorn, addressing the Tax Institute’s Tax Summit in Sydney yesterday, said despite the ATO’s focus on the sector he was pessimistic about turning it around in the short term.

“I want to call out small business – this is the biggest gap. We estimate it is responsible for over $12 billion of the overall $33 billion tax gap,” he said.

Small business debt and tax gap at top of ATO hit list

ATO battling 3m hack attempts a month

The Tax Office is battling as many as 3 million attempted cyber hacks every month, and has warned accountants and superannuation funds they are ripe targets due to extensive consumer data holdings.

Following the landmark Optus data breach, Australian Taxation Office second commissioner Jeremy Hirschhorn said that “any sense of hubris” about cyber protections in Australia’s business and government sector was gone.

In an address to the Tax Institute in Sydney, Mr Hirschhorn put company directors on notice that their identities could be stolen, as bad actors online pieced together data in sophisticated operations for financial gain.

The ATO’s Jeremy Hirschhorn: “The thing which is actually more concerning ... is people taking over identities in the broader system.”  Edwina Pickles

“During this talk, if the average rates hold, there will have been about 4000 attempted hacks of our system,” he said on Thursday.

“We have about 2.5 to 3 million hacks of our system every month.

“But the thing which is actually more concerning – it’s hard to rank the concerns – is people taking over identities in the broader system.”

Government agencies and corporates have been rattled by the theft of 9.8 million Australians’ personal data from Optus. Commonwealth Bank has been receiving 5000 additional calls a day from concerned customers after the breach was revealed and Medibank is dealing with a significant cybersecurity incident this week.

Mr Hirschhorn said tax agents, accountants and superannuation funds were a ripe source of data for online criminals.

“Increasingly we see cascading penetration attempts, where criminals seek to obtain information from different places before putting it together for a fraud attempt.

“I think for many of us, the Optus data breach has really brought home how vulnerable many businesses and organisations are to attack, and dispelled any sense of hubris.

“We continue to strengthen our safeguards and also are thinking about how we can help the broader ecosystem, of which [tax professionals] are part.”

The ATO has vast stocks of data: it receives more than 14 million individual income tax returns every year and deals with 4.3 million small businesses, 201,000 privately owned Australian groups and about 40,000 multinationals.

As it pursues digitisation and service delivery improvements, Mr Hirschhorn said identity theft and other online threats remained front of mind.

“We hold it, but it’s actually people’s data,” he said.

“This is early thinking for us, but we are thinking about ways of how we can give an individual a package of data which they can then share with their representatives.

“It might solve some of our cybersecurity challenges. It is a big hairy one to solve.”

His comments came as new research from business management platform MYOB on Thursday showed 38 per cent of operators say the cost of cybersecurity protection is prohibitive.

The survey found two in three small business owners believed they needed to spend more to protect their business from online threats.

“Cybersecurity awareness is particularly acute among us all at present, and this is coming through in our SME responses,” MYOB spokeswoman Helen Lea said.

“Small and medium enterprises account for over 90 per cent of Australia’s businesses, so ensuring they’re achieving optimal results, especially in the face of inflation, supply chain disruption and cost of living pressures, will be vital for economic recovery.”

Nearly 95 per cent of respondents said better support for small business in next week’s federal budget would aid Australia’s post-COVID economic prosperity, including tax reform measures and improved digital capability.

Tom McIlroy reports from the federal press gallery at Parliament House. Connect with Tom on Twitter. Email Tom at

The Australian Tax Office has revealed it is hit by between 2.5 and 3 million attempts to hack its systems every month.

“During this talk, if the average rates hold, there will have been about 4000 attempted hacks of our system,” said Jeremy Hirschhorn, a second commissioner at the tax office.

His address to a tax summit in Sydney earlier today went for just under 40 minutes.

ATO second commissioner Jeremy Hirschhorn.

ATO second commissioner Jeremy Hirschhorn.CREDIT:ALEX ELLINGHAUSEN

Hacking attempts vary wildly in sophistication, the commissioner added, from automated probing for weaknesses to cybercrime gangs that develop customised software tools to infiltrate specific organisations. Most hacks on the ATO are likely in the former category and there is no indication they have been successful.

Hirschhorn said a likely more concerning development was cybercriminals harvesting stolen data from several sources before attempting to impersonate people.

“So tax agents systems are a ripe source of data, superannuation funds … and even taking over the identity of directors,” he said.

“So, increasingly, we see cascading penetration attempts where criminals attempt to obtain information from different places before putting it together for a fraud attempt.”

As this masthead has reported, real estate agents – who collect vast reams of personal data in rental applications or sometimes even to see a property – are another risk area.

Why Singaporean sovereign GIC loves Australian real estate

Singapore’s powerful sovereign wealth fund GIC, one of the largest offshore investors into commercial property in this country, has flagged its interest in Australia’s logistics and healthcare real estate sectors, while expressing confidence that top-quality CBD office towers will prosper amid the shake-out in work practices.

Those comments came as GIC’s chief executive Lim Chow Kiat gathered with the head of the Australia office, Sunny Tsun, and deputy head of real estate for Australia and New Zealand, Richard Massey, at the sovereign investor’s first local office at Sydney’s Chifley Tower, an asset in which GIC itself has an interest.

Real estate comprises a major part of GIC’s exposure in the Australian market. Last year the Singaporean player outspent other sovereign wealth funds such as Canada’s OMERS and CPP, investing an estimated $5.7 billion into Australian real estate, according to New York-based sovereign investor specialist Global SWF.

Underpinning that surge is GIC’s confidence in the Australian economy where solid growth combined with population increases drives demand for commercial property.

“That feeds into many of the real estate sectors: the general core sectors of office, industrial, retail, especially industrial and logistics,” Mr Massey told The Australian Financial Reviewthis week.

“You’ve got the e-commerce trend: Australia perhaps has been behind that trend a little bit compared to the US and Europe, so there is a bit of catch-up now.

“Retailers are going into omni-channel, so they’re building up their presence in logistics. That’s a space we’ve been playing into.”

Demography factors high in GIC’s thinking as well, given Australia’s ageing population and the demands that creates for healthcare and the real estate underpinning it. Along with that comes a broader interest in staying healthier longer combined with spending in private health insurance, all of which drives demand for healthcare services.

“We look to how we play into those trends in the real estate space,” Mr Massey said.

GIC has already played some of its cards, teaming up with Northwest Healthcare Properties Australian arm four years ago in a joint venture that subsequently absorbed half of Healthscope’s property portfolio when the hospital operator was privatised.

Initially billed as a $2 billion effort, the joint venture fund has expanded considerably, with a fresh injection of capital this year taking its value beyond the $6 billion mark.

The Singaporean fund remains a big believer in the CBD office market, notwithstanding the ructions in the sector caused by greater flexibility in work practices. Just three months ago, GIC stumped up for a half stake in an $800 million tower Charter Hall is developing on Melbourne’s Collins Street.

“Definitely there’s going to be an element of work from home that will stay. Flexibility is here to stay,” Mr Massey said. But at the same time white-collar workers will still be looking to occupy quality office space in CBD, he said.

“We still don’t think there’s going to be a structural decline in the office environment,” he told the Financial Review.

“There’ll be a bifurcation of the market, so tenants like ourselves will be looking for buildings that are modern, provide good amenity, have a good location, have good ESG credentials. Those [buildings] will continue to do well.

“Those that can’t offer that sort of amenity and that sort of product, they’re probably going to get left behind.

“We don’t think the office is dead, although people will have flexibility. Those office towers that can provide that amenity, that modern, new age product, will continue to do well.”