In a statement issued to the media on Thursday (4 July), MYOB said that “a small number of system issues” affected its AccountRight Live product in the final days of the last financial year, which impacted general performance, including the sending of emails and backing up of files.
Some of these issues, MYOB said, were “beyond our control”.
But the biggest glitch has been the sending of incorrect annual payment summaries to users.
“We became aware of a glitch within our MYOB automated payroll program on AccountRight Live late last week and since that time we have been working around the clock to resolve it,” its statement said.
“On 28 June, we discovered a small number of people received incorrect payment summaries sent between 1 June and midday 28 June 2019. Our investigation has since revealed 220 individual payment summaries went to the incorrect person.
“We immediately switched off all outgoing payment summary emails to ensure no further incidents occurred, worked methodically to both rectify the glitch and check the emails in the backlog to ensure no further errors.”
The statement continued: “A small handful were detected and stopped, while all other payment summary emails have since been released in batches, with the final emails to be sent by close of business today.”
According to the software provider, customers were advised of the resulting delay to payment summary emails on its community forum and public status page.
It also said that affected customers and their employees are being contacted by phone individually, while updates have been put in place to avoid a reoccurrence.
The Tax Office and the Office of the Australian Information Commissioner (OAIC) have been advised of the situation, it said.
Contacted for comment on the issue, the OAIC said that it generally does not publicly comment on specific incidents.
A spokesperson for the ATO subsequently told My Business: “The ATO will assist taxpayers with dealing with any potential data breach that may affect their taxation affairs. We cannot comment on the specific matter.”
MYOB’s full statement is republished below.
What to do if your information is compromised
A MYOB spokesperson subsequently provided the following advice for anyone whose information was compromised:
- Check your bank statement for any unusual payments that you don’t recognise.
- Use strong passwords and change them regularly. Try to keep them at least eight characters long and use numbers, upper case, lower case and symbols. Where available, activate multi-factor authentication to protect accounts.
- Make sure your operating system, browser, plugins, and anti-virus/anti-malware software are up-to-date. Scan your computer for malware.
- Think carefully before entering credentials when asked. Ask yourself if this is normal. Do not enter credentials into a form loaded from a link sent to you in email, chat or SMS. Instead, use the method you would normally use to access your online services.
- Never give out personal details over the phone unless you’re sure who you’re speaking to.
- If you believe that your TFN has been compromised, you can report it to the Australian Taxation Office.
More to come.
MYOB statement: issued Thursday, 4 July 2019:
The end of financial year is a busy time for businesses and we are very conscious of the heightened need for smooth system functionality.
There have been a small number of system issues on AccountRight Live impacting general performance during this End of Financial Year period, some of which have been beyond our control. This has included backing up files and sending emails.
Further, we became aware of a glitch within our MYOB automated payroll program on AccountRight Live late last week and since that time we have been working around the clock to resolve it.
On 28 June we discovered a small number of people received incorrect payment summaries sent between 1 June and midday 28 June 2019. Our investigation has since revealed 220 individual payment summaries went to the incorrect person.
We immediately switched off all outgoing payment summary emails to ensure no further incidents occurred, worked methodically to both rectify the glitch and check the emails in the backlog to ensure no further errors. A small handful were detected and stopped, while all other payment summary emails have since been released in batches with the final emails to be sent by close of business today.
Customers were informed of the delay in sending payment summary emails on our community forum and MYOB’s public status hub page.
Steps taken to resolve include:
- calling impacted customers and working with them to safely and correctly dispose of the misdirected payment summary emails.
- calling impacted employees whose payment summaries were sent to another person and talking them through steps to protect personal identity as well as providing a fact sheet with additional information.
- successfully implementing technical ‘releases’ to ensure the incident does not reoccur.
- working closely with the ATO and Office of the Australian Information Commissioner to ensure that all appropriate steps are taken.
We take our responsibility in protecting data privacy incredibly seriously and understand this will have had an impact on the individuals affected. We are sincerely sorry for the situation, as well as the frustrations experienced by all our AccountRight Live customers caused by the delay in sending the payment summary emails. We apologise for the inconvenience caused as we know it is a busy time of year for businesses; however, we could not take the risk with such sensitive, personal information.
We are aware that our call centres have experienced a significant uplift in calls from customers due to the introduction of Single Touch Payroll. To help manage this we doubled the size of the support team to more than 600 people to handle the expected extra call volume. Unfortunately, call volumes are exceeding our expectations, which is driving higher wait times. Our average wait time yesterday was just shy of 30 minutes; however, we are seeing pockets of time throughout the day where it is getting to the hour mark.
We do have a call back service, however due to the higher demands on our contact centre team with the higher than expected volume of calls, we have not had the capacity to offer a call back service to everyone. The telephony system detects the call waiting times and available slots for a call back. If this option is available the system will activate the IVR process.
We emphasise our sincere apologies for the situation and assure our clients we are doing everything we can to manage expectations.