Misuse of information and communications technology (ICT) includes theft of hardware and software, unauthorised access to computer systems and inappropriate use of equipment. Internal unauthorised access is recognised as being a major contributor to data breaches, as employees may use legitimate access to computer systems in inappropriate and unauthorised ways. Risks of internal misuse of ICT in the public sector increase as new technologies emerge and more data about individuals are collated and stored by governments. This paper examines how ICT has been misused in the past within Commonwealth entities. It draws on the findings of the Fraud against the Commonwealth cenuses collected by the Australian Institute of Criminology (AIC) for the 2008–09, 2009–10 and 2010–11 reporting periods to document the nature and extent of the problem.