136 complaints arise from ATO's string of HPE hardware outages

Following the string of storage outages plaguing the Australian Taxation Office since December last year, the government department has received 136 formal complaints.
Written by Asha Barbaschow, Contributor

The Australian Taxation Office (ATO) has received a total of 136 complaints since it first experienced an outage affecting its website, tax agent, and business portals on December 12, 2016.

According to the ATO, 13 of the 136 complaints received were lodged by tax practitioners, with the majority of the remaining cases lodged by individuals. A total of 66 complaints were associated with the government's HECS/HELP loan scheme.

A total of four complaints were made directly to the Inspector of General Taxation, with two of those cases involving tax practitioners potentially inquiring about compensation from the ATO.

The ATO also said that government revenue for the 2016-17 financial year has not been impacted by the IT incidents, and noted that no long-term impacts had been identified for its audit and compliance work.

When asked if the ATO had set aside appropriate portions of its budget to account for potential compensatory payments, the ATO said its budget makes provision for compensation payable under the Scheme for Compensation for Detriment caused by Defective Administration (CDDA), but that it had not established such provisions specifically for compensation arising from its IT incidents.

The ATO also said it was not proposing the establishment of a compensation fund specifically referable to its IT incidents.

When it comes to the potential compensation the tax office is expecting from Hewlett Packard Enterprises (HPE) as a result of the outages, the ATO confirmed that compensation estimates had been prepared for the purpose of "seeking a speedy commercial settlement with HPE", but noted it could provide further details given it is still involved in discussions with the storage giant.

The comments were made in a reply to questions on notice, prepared by the ATO following its appearance at Senate Estimates earlier this year.

After the initial two-day crash of the ATO's website, tax agent, and business portals on December 12, the ATO called in HPE almost immediately to help it determine the underlying cause of the problem that it said was encountered for the first time anywhere in the world.

Currently, there are some 67,000 installations of HPE's 3PAR SAN hardware in large organisations both in Australia and internationally, and the ATO reaffirmed the SAN was considered state-of-the-art in 2015.

The ATO explained that the issues it experienced were highly technical in nature and required specialist engineers in SAN technologies, and said it called upon specialist contractors in Australia and from overseas, in addition to HPE engineers and its own internal staff to help rectify the issues.

The tax office said US defence company Leidos, as the ATO's provider of service management services, has also been involved in providing assistance through and across the outage.

Prior to the outages, the ATO did not made representations to the Australian government about the security and reliability of the data on the HPE SANs, with the ATO noting the risk assessment determination was that the SAN functions are typically dependable and with low overall risk.

On December 16, Commissioner of Taxation Chris Jordan announced an independent review into the "unprecedented failure" and called it the ATO's worst unplanned system outage in recent memory.

At the same time, the ATO claimed almost everything was back up and running, but did admit that "some" data corruption was experienced as a result of the incident, and noted it was in the process of having the data fully restored from a back-up.

On December 20 -- more than a week after the initial hardware failure -- the ATO said it was still experiencing reduced functionality across some of its systems.

"What compounded the problem beyond the initial failure was the subsequent failure of our back-up arrangements to work as planned," Jordan explained previously. "The failure of our back-up arrangements meant that restoration and resumption of data and services has been very complex and time-consuming."

The tax office's systems fell over again on February 2, 2017, with the outage affecting all of its online services, including the ato.gov.au website.

While undergoing planned maintenance last week, the ATO experienced yet another outage, with its ato.gov.au website unavailable past its scheduled time.

The ATO will be undergoing further planned maintenance on May 1 and 2.

The ATO appointed PwC to conduct an independent review into the long-running incident at the end of January; the ATO is conducting a Post Incident Review of how the ATO responded to the December and February system incidents; and HPE is also undertaking its own "root cause review".

"The ATO will be transparent about the findings of these reviews," it said.

Editorial standards