Her Majesty’s Revenue and Customs reported 17 serious data breaches to ICO
By Joy Dumasia
Her Majesty’s Revenue and Customs (HMRC) has reported a total of 17 serious data breaches to the Information Commissioner’s Office (ICO) over 15 months, from January 2020 to March 2021. The data analysed by niche litigation practice Griffin Law revealed in HMRC’s recently published Annual Report and Accounts.
According to the report, a total of 3,017 people were potentially affected by personal data-related incidents. In the most significant incident, 1,023 people were potentially impacted when an HMRC staffer used confidential information to change customer records on Her Majesty’s Revenue and Customs systems without authorisation. The most alarming infringement saw an HMRC employee caught accessing an internal system to locate his estranged wife and children, potentially affecting a total of 4 people.
During an office relocation, a customer’s locked pedestal desk was forced open, resulting in exposed personal identifiers such as ethnic origin and religious beliefs. The most frequent breach involved HMRC staffers using personal information to alter customer records on HMRC systems. This occurred on 11 separate occasions, potentially impacting a combined total of 2,999 people. HMRC stated in the report that they have learnt lessons from the incidents and are using them to review and strengthen their customer identity and authentication process.
HMRC stated in the report: “Protecting customer data is important to us, and we monitor our processes continually to prevent recurrences. In addition, HMRC is delivering enhanced data security, governance and reporting across the department.”
Donal Blaney, Founder of Griffin Law, commented on the breaches, stating: “HMRC wields draconian powers, and is increasingly out of control. This is further evidence that HMRC needs to be reined in. They think they’re above the law. They’re not. Such abuse of its powers, and such criminality, should be investigated to the fullest extent possible by the Information Commissioner and the police if taxpayers are to retain any confidence in HMRC.”
IBSi Daily News Analysis
March 05, 2024
Regulated firms at risk of financial crime due to lack of daily customer due diligenceRead More
IBSi FinTech Journal
- Most trusted FinTech journal since 1991
- Digital monthly issue
- 60+ pages of research, analysis, interviews, opinions, and rankings
- Global coverage