Feeling that sense of dread when you suspect a stranger has accessed your tax details is unsettling, but rest assured, the Australian Taxation Office (ATO) has a formal system to help you regain control. The ATO identity theft support process is a structured response designed to secure your Tax File Number (TFN), correct your records, and stop fraudulent activity. This guide provides the clear, step-by-step process you need.

Your Key Actions for ATO Identity Theft

• Act Immediately: Secure your myGov, email, and bank accounts by changing passwords and enabling multi-factor authentication.
• Report to the ATO: Contact the ATO’s dedicated identity theft and fraud support team to officially start the support process.
• Verify Your Identity: Be prepared to complete the ATO’s proof of identity process to confirm you are the legitimate owner of the account.
• Correct Your Records: The ATO will investigate and reverse any fraudulent activity, such as false tax returns or incorrect bank details.
• Seek Extra Support: Contact IDCARE, Australia’s national identity support service, for a free and comprehensive recovery plan.
• Secure Business Details: If you’re a business owner, check your ABN and Director ID details on the Australian Business Register (ABR) for any unauthorised changes.

What is the ATO identity theft support process?

The ATO identity theft support process is the official framework for resolving tax-related identity fraud in Australia. It provides a critical pathway for individuals and businesses whose sensitive information has been stolen and misused within the tax and superannuation systems. The process aims to secure your tax profile, correct any fraudulent transactions, and prevent further misuse.

How the ATO defines identity theft or compromise

The ATO defines identity compromise as any situation where your personal details are used without your permission to commit fraud or other crimes related to tax and superannuation.

This extends beyond simple scams. It refers to a criminal actively using your identity to interact with the tax system. This could involve lodging a false tax return to steal a refund, fraudulently applying for an Australian Business Number (ABN), or changing your contact and bank details on file with the ATO. The core element is the unauthorised use of your identity to gain a financial advantage or avoid a tax obligation.

Common signs your identity is compromised with the ATO

Early detection of identity theft is the most effective way to limit the damage. While an unexpected tax refund is a clear red flag, most indicators are more subtle. Often, a criminal’s first move is to quietly update your contact details or add an unauthorised agent to your account, laying the groundwork for more significant fraud.

Keep an eye out for these specific warning signs:

• Receiving an SMS or email about a change to your myGov or ATO accounts that you didn’t make.
• Notices arriving about new debts, tax lodgements, or applications (like for an ABN or Director ID) that you did not initiate.
• Expected mail from the ATO, such as a Notice of Assessment, never arriving. This could mean a thief has changed your address.
• Your tax agent informs you that your tax return has already been lodged.
• Information in your myGov or ATO Online Services account, like your address or bank details, is incorrect.

The table below outlines what these signs might mean and the actions the ATO may take.

Sign of Compromise	What It Could Mean	What the ATO May Do While Investigating
Unexpected communication from the ATO about a refund or debt	A criminal may have lodged a false tax return or amended a previous one using your TFN.	Place temporary security measures on your account to prevent further changes.
Changes to myGov or ATO Online login details	Your account credentials may have been stolen, allowing access to your financial history.	Work with myGov to secure your account and suspend online access if necessary.
New ABN or business registration in your name	Your identity could be used for illegal business activities, creating future tax liabilities.	Investigate the registration, liaise with the ABR, and cancel fraudulent ABNs.
Missing refunds or notices	Your mail or bank details may have been redirected to an account controlled by a criminal.	Trace missing funds, correct your contact and bank details, and re-issue correspondence.
Unsolicited login codes or password reset requests	Someone is actively trying to access your accounts, suggesting your credentials are known.	Advise on securing your myGovID and recommend changing passwords on related accounts.

ATO identity theft support process

When you suspect an identity compromise, a structured response is crucial. The official ATO identity theft support process provides a clear path back to security. Your main objectives are to report the breach, secure your accounts, and collaborate with the ATO to restore your tax records.

The ATO’s Client Identity Support Centre is a specialised team that handles these situations. They will guide you through the necessary steps.

Here is the step-by-step process to follow:

1. Contact the ATO Immediately: Call the ATO’s dedicated fraud support team. Have your Tax File Number (TFN) ready, but never provide it until you are certain you are speaking to an official ATO representative. Clearly explain what has happened and provide any evidence you have collected.
2. Complete the Proof of Identity Process: The ATO must verify you are the legitimate owner of the TFN. This is a non-negotiable security step. You will be asked to provide specific documents to re-establish your identity. This may include primary documents (e.g., birth certificate, passport) and secondary documents (e.g., driver’s licence, Medicare card). Check current ATO guidance for the exact requirements.
3. Secure Your Accounts: The ATO will place protective measures on your tax account to prevent further unauthorised activity. You should also change passwords for myGov, email, and online banking, and enable multi-factor authentication everywhere possible.
4. Cooperate with the Investigation: The ATO will investigate to identify and reverse any fraudulent actions. This could involve removing false tax returns, cancelling illegally obtained ABNs, or correcting bank details. Patience is important, as this can take time.
5. Seek External Support: It is highly recommended to contact IDCARE, Australia’s national identity and cyber support service. They offer free, expert guidance and can help you create a response plan that covers all affected areas of your life, not just tax.

For more help with TFN security, review our guide on how to find and manage your Tax File Number in Australia.

Worked example: false tax return lodged

Let’s consider a common scenario. Sarah, a small business owner, receives an SMS from myGov about a tax refund she wasn’t expecting. She logs into her ATO online services guide and sees that a tax return has been lodged for the recent financial year without her knowledge, directing a refund to an unrecognised bank account.

1. Immediate Action: Sarah calls her bank to report the fraudulent transaction. She then immediately contacts the ATO’s identity theft support phone number.
2. Reporting: She explains the situation, providing the date of the fraudulent lodgement and confirming the incorrect bank details.
3. Verification: The ATO representative guides her through the proof of identity process over the phone.
4. Correction: The ATO freezes her account to block further changes, begins reversing the fraudulent return, and launches a full investigation into the compromised TFN.

Because Sarah acted quickly, the ATO was able to initiate the recovery process immediately, minimising the financial and administrative impact. If a fraudulent debt had been created, this process would also protect her from potential tax disputes & ATO errors.

myGov, TFN and ATO Online Services risks

Your myGov account is the gateway to your personal tax information, making it a prime target for criminals. A compromised myGov account can give a fraudster access to your TFN, lodgement history, and personal details held by the ATO.

Similarly, your myGovID is the digital identity you use to access government online services. If a criminal gains control of your myGovID, they can potentially access not only your personal tax affairs but also business services if you are a director or sole trader. Protecting your login credentials for these platforms is fundamental to your overall identity security.

Identity Theft for Business Owners and Directors

Identity theft poses significant small business tax risks. For company directors and sole traders, a security breach can extend beyond a personal TFN to compromise your Australian Business Number (ABN) and Director ID.

Once criminals have your ABN, they can issue fake invoices, fraudulently claim GST credits, or alter your details on the Australian Business Register (ABR). This can damage your business’s reputation and create serious compliance issues.

Your Director ID links you to every company you are responsible for, a key part of your director ID obligations. If it’s compromised, a criminal could attempt fraudulent changes to company records through the Australian Business Registry Services (ABRS), such as changing officeholders or applying for credit in your company’s name.

If you suspect your business identity is compromised, the ATO identity theft support process also covers business-related fraud. You must report the issue to the ATO and potentially the ABRS, depending on which details were stolen. For more on business registration compliance, consult a professional adviser.

How long the ATO identity theft process takes

There is no single timeline for an ATO identity theft investigation. A straightforward case may be resolved in a few weeks. However, complex situations, such as those involving business identity theft or multiple fraudulent lodgements, could take several months. The ATO’s priority is to secure your account first, then methodically correct the record. Always check current ATO guidance for the latest service standard timeframes.

Common mistakes and quick fixes

Navigating the ATO identity theft support process can be stressful. Here are common pitfalls to avoid:

• Mistake: Delaying the report.
  • Quick Fix: Call the ATO fraud support team as soon as you suspect a problem. The faster you report it, the quicker they can secure your account.
• Mistake: Using compromised passwords.
  • Quick Fix: Immediately change the passwords on your myGov, email, and banking accounts. Use a password manager to create strong, unique passwords and enable multi-factor authentication.
• Mistake: Ignoring external support.
  • Quick Fix: Contact IDCARE. Their free, expert service provides a comprehensive recovery plan that goes beyond just your tax affairs.
• Mistake: Responding to phishing emails or SMS.
  • Quick Fix: Never click links or provide personal information in response to unsolicited messages. The ATO will not ask for your TFN or password via email or SMS. Report scams to the ATO and the Australian Cyber Security Centre via ReportCyber.

ATO identity theft response

Use this checklist to stay focused while navigating the ATO identity theft support process.

First 24 Hours: Containment

• [ ] Change passwords for myGov, primary email, and online banking.
• [ ] Enable multi-factor authentication (MFA) on all critical accounts.
• [ ] Contact your bank’s fraud department to report any financial impact.
• [ ] Gather evidence: take screenshots, save suspicious emails/SMS, and note dates.

First Week: Reporting & Recovery

• [ ] Call the ATO’s Client Identity Support Centre to report the compromise.
• [ ] Have your TFN and collected evidence ready for the call.
• [ ] Register your case with IDCARE for a free response plan.
• [ ] If a cybercrime occurred, file a report with the Australian Cyber Security Centre.
• [ ] Begin the ATO proof of identity process as instructed.

Long-Term: Security & Monitoring

• [ ] Regularly review your ATO, myGov, and bank statements for unusual activity.
• [ ] Request a free copy of your credit report to check for fraudulent accounts.
• [ ] Remain vigilant against phishing scams claiming to be from the ATO or myGov.

Frequently Asked Questions

How do I report identity theft to the ATO?

To report identity theft, you must contact the ATO’s Client Identity Support Centre directly by phone. Prepare your Tax File Number (TFN) and any evidence of the compromise before calling. This call officially begins the ATO identity theft support process and allows them to place protective measures on your account.

What happens when your TFN is compromised?

When your TFN is compromised, the ATO will work with you to secure your tax account. This involves adding enhanced security measures to prevent further unauthorised access. They will investigate any fraudulent activity, such as false tax returns, and correct your records. The ATO rarely issues a new TFN.

Can a tax debt from identity theft be waived?

Yes. If the ATO’s investigation confirms a tax debt was created fraudulently using your identity, you will not be held liable for it. The purpose of the investigation is to identify and remove such activity from your record, ensuring you do not have to pay a debt that is not legitimately yours.

How do I re-establish my identity with the ATO?

To re-establish your identity, you must complete the ATO’s proof of identity process. The ATO will instruct you on the specific documents required, which typically include a combination of original or certified copies of primary documents (like a passport or birth certificate) and secondary documents (like a driver’s licence or Medicare card).

Will the ATO give me a new TFN after identity theft?

It is extremely unlikely. The ATO’s approach is to secure your existing TFN by applying extra security measures and monitoring to your account. Issuing a new TFN is a measure of last resort, reserved only for the most severe cases where other protective actions have proven insufficient.

What is IDCARE and should I contact them?

IDCARE is Australia’s national identity and cyber support community service. It is a not-for-profit organisation that provides free, expert support to individuals and businesses impacted by identity crime. It is highly recommended to contact them, as they provide a tailored response plan to help you recover.

Book a consult with Nanak Accountants & Associates -1300 NANAK TAX (626 258).