CD with 3,000 taxpayer details goes missing

CD with 3,000 taxpayer details goes missing

Summary: A compact disc containing taxation details of 3,122 Australian taxpayers has gone missing whilst en route to the Australian Taxation Office from its printers.


A compact disc containing taxation details of 3,122 Australian taxpayers has gone missing whilst en route to the Australian Taxation Office from its printers.



The CD contained the tax file numbers of 3,122 self-managed super funds which the ATO sent to its printers as part of a batch of letters to be sent to the tax payers. On completion of the printing, the CD was to be sent back to the ATO, but did not arrive.

The disc had been handed to an authorised "door to door" courier, a spokesperson told, but went missing during transit.

"I am concerned that this parcel containing taxpayer information has failed to be delivered," Tax commissioner Michael D'Ascenzo said in a statement.

He said the courier company believed the parcel was still within its warehouse.

"While there is no evidence the information has fallen into the wrong hands or been misused, I am taking the matter seriously," said D'Ascenzo, adding that he was concerned the information could be misused.

The ATO had sent letters to the affected taxpayers urging them to take up its offer of new tax file numbers in order to protect their super fund information.

"We are providing the relevant trustees the opportunity to ensure that there is no unauthorised use of their funds' relevant tax records," he said.


The incident is reminiscent of the HMRC data breach in the UK when in 2007 two lost CD's exposed the personal records of at least 25 million UK citizens.

In the hope of preventing a similar security breach at the ATO, earlier this year it had contracted consultancy PriceWaterhouseCoopers to conduct a security review of its information handling practices.

ATO chief information officer Bill Gibson told at the time that it had already had its own scare concerning a lost CD, however, Gibson said it had later been located within the ATO's offices.

One of the more serious flaws found in the ATO's information handling practices were that the staff had handed sensitive information to contractors without first gaining assurances that the information would be adequately protected whilst in their care.

To prevent misuse of that information Gibson said that the ATO had introduced USB drives — to be used instead of CDs — that required a person's thumbprint to access information contained on the device.

"If there is a need for us to physically take information to another entity, we will only do so on one of these USB keys. The key can be unlocked through the use of finger or thumbprint — otherwise it's rendered unusable," he said at the time.

Topics: Government AU, Government, Hardware, EU

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion