Cyber Incident Victim: MyGov

On July 3, 2020, Australian financial publication Financial Review reported that login credentials for over 3,600 MyGov accounts were being sold on dark web marketplaces. These accounts formed part of a larger dataset containing approximately 150,000 compromised Australian ".com.au" domain credentials available for purchase across underground platforms. The MyGov credentials appeared alongside other Australian business and personal accounts in listings that priced individual logins between a few cents and several hundred dollars depending on perceived value. The dark web advertisements made no specific claims about how the credentials were obtained or when the breaches occurred. MyGov serves as the Australian government's primary online portal for accessing services like Centrelink, Medicare, and taxation systems, making compromised accounts particularly sensitive.

The exposure placed thousands of Australians at risk of identity theft and financial fraud due to the sensitive personal and financial information accessible through MyGov profiles. No specific details were disclosed regarding which government services linked to the compromised accounts might have been vulnerable to unauthorized access. The report did not indicate whether the credentials represented newly breached data or recycled information from prior incidents. The broader dataset of 150,000 Australian credentials suggested potentially widespread credential reuse across multiple .com.au domains beyond the government portal. Financial Review's coverage did not include statements from MyGov administrators or law enforcement regarding verification of the credentials' validity or any containment measures undertaken.