Search TorNews

Find cybersecurity news, guides, and research articles

Popular searches:

Home » News » Government & Policy » New Zealand Man Jailed After Using Dark Web Data to Steal Tax Refunds

New Zealand Man Jailed After Using Dark Web Data to Steal Tax Refunds

Last updated:July 16, 2026
Human Written
  • A man from Auckland was sentenced to five and a half years in prison after he used stolen data from the dark web to scam New Zealand’s Inland Revenue.

  • He submitted 121 fake refund claims, but Inland Revenue’s security systems stopped most of them. He was able to cash in on claims worth NZ$251,035.74 before the agency caught him.

  • The offender increased his legal troubles when he faked a rehabilitation certificate in an attempt to receive a lighter sentence.

Ledyard Man Sentenced to 10 Years for Child Sexual Abuse Material Possession

A New Zealand man spent nearly two years buying stolen identities from dark web marketplaces. He then used that information to file fraudulent tax returns and Covid-19 support claims under innocent people’s names.

The scheme attempted to steal more than $2 million from the government. But Inland Revenue’s fraud detection systems stopped most of the money from ever leaving their accounts.

The Dark Web Data Operation

Ngwun Nicholas acquired mountains of stolen personal data from dark web marketplaces. He got user names and passwords for various popular websites, including Gmail, Facebook, LinkedIn, Netflix, and banking websites.

He was particularly keen on acquiring login details to the myIR portal of the Inland Revenue. The availability of such stolen data reflects the growth of platforms like Leak Bazaar, where hackers monetize corporate breaches beyond ransom demands.

This gave him direct access to legitimate taxpayer accounts. He then submitted fake documents without the victims ever knowing.

The fraudulent applications covered multiple government programs. These included Small Business Cashflow Scheme loans, Resurgence Support Payments, GST returns, and income tax amendments.

Authorities confirmed that at least 59 myIR accounts were compromised during the operation.

Creating Fake Identities and Bank Accounts

Ngwun did more than just steal online accounts. He used electronic templates to create counterfeit driver’s licenses, community service cards, and utility letters. These forged documents allowed him to open bank accounts under fake identities.

In four specific cases, he stole the identities of real people. He then opened bank accounts in their names. Any money from the fraudulent tax filings went directly into these accounts.

Once the funds arrived, Ngwun transferred the money to himself and his family members. This combination of stolen credentials, fake documents, and fraudulent bank accounts made his operation more sophisticated than typical tax refund scams.

Fake Rehabilitation Certificate Backfires

Initially, Ngwun’s sentencing was on January 20. However, a few days before the hearing, he submitted a sworn affidavit claiming that he completed a drug rehabilitation program.

The certificate of completion he provided bore a signature that appeared authentic, as if a rehabilitation staff member signed it. However, routine checks by Inland Revenue revealed the certificate was completely fake.

Investigators found that Ngwun had attended only one module of the program. The rehabilitation facility discharged him after he failed to return. The fabricated documents were clearly an attempt to receive a lighter sentence.

This discovery added new criminal charges. Ngwun pleaded guilty not only to tax and COVID fraud but also to perjury and fabricating evidence. The total came to twelve criminal charges.

Inland Revenue Blocks Most Fraudulent Claims

Despite the scale of the scheme, Inland Revenue’s security systems prevented the majority of payments from going through. Officials emphasized that their fraud detection tools identified suspicious activity early.

Jay Harris, Inland Revenue’s Information Security leader, described the case as the “new frontier of digital offending”. He noted that criminals are increasingly combining AI-assisted document manipulation with stolen online identities.

Harris said banks and other organizations also helped investigators trace Ngwun and limit financial losses. The agency didn’t mention specifically which AI tools Ngwun might have used.

But they warned that modern fraud schemes are becoming more automated. These schemes now use digital tools like AI to forge documents that appear really convincing unless you look deeper.

Wider Crackdown on Covid 19 Fraud

Ngwun’s prosecution is part of a broader effort by Inland Revenue to recover money lost through pandemic support programs. Authorities have already prosecuted 15 people for fraud involving the Small Business Cashflow Loan Scheme, the Covid Support Payment, and the Resurgence Support Payment.

Another 17 cases are currently before the courts. Officials are conducting more investigations. They noted that more funding from the government has boosted the Inland Revenue’s capability in solving such cases. The agency is now able to conduct audits and investigate suspicious claims more proficiently.

This case is yet another example of how stolen credentials on dark web markets keep fueling financial crimes. Also, this case demonstrates how various government agencies use fraud analytics, identity verification tools, and cooperation with financial institutions to uncover digital fraud operations at an early stage.

Share this article

About the Author

Memchick E

Memchick E

Digital Privacy Journalist

Memchick is a digital privacy journalist who investigates how technology and policy impact personal freedom. Her work explores surveillance capitalism, encryption laws, and the real-world consequences of data leaks. She is driven by a mission to demystify digital rights and empower readers with the knowledge to protect their anonymity online.

View all posts by Memchick E >
Comments (0)

No comments.