Inland Revenue warns of rise in malicious activity as hackers access 300 myIR accounts

NZ Herald

2 Apr, 2026 03:08 AM2 mins to read

Subscribe to listenAccess to Herald Premium articles require a Premium subscription. Subscribe now to listen.Subscribe now

‌

SaveShare this articleCopy LinkEmailFacebookTwitter/XLinkedInReddit

Inland Revenue says 500,000 malicious logon attempts for myIR accounts were noticed last month. Photo / NZME

Cyber criminals gained access to 300 myIR accounts over two weeks but no financial losses were reported, Inland Revenue says.

The tax agency said it noticed a significant increase in malicious logon attempts last month, with more than 500,000 such efforts.

“Inland Revenue believes two-step verification, rolled out last year
to give an added layer of protection, prevented access to most accounts. However, around 300 myIR accounts which did not have 2SV set up were accessed,” Inland Revenue said.

“Those 300 accounts have been closed, and we are monitoring up to 900 accounts where a correct password was entered, but two-factor authentication prevented access.”

Inland Revenue said it is contacting the 300 affected customers to let them know unusual activity on their account was detected.