HMRC suffered 17 data breaches over 15 months

According to a recent report, the breaches affected more than 3,000 individuals

Her Majesty's Revenue and Customs (HMRC) disclosed a total of 17 data breaches to the Information Commissioner's Office (ICO) over a 15-month period, according to a new report

Between January 2020 and March 2021, more than 3,000 individuals have potentially been affected by the 17 data breaches at HMRC, with the most impactful occurring in June 2020 when the department used personal information to make unauthorised changes to customer records.

Basic personal identifiers such as name and contact details were used during the incident in which potentially affected 1,023 individuals. The report indicates the impacted customers were informed of the incident.

Cases in which cyber criminals used personal information to make changes to customer records without proper authorisation formed the bulk of the 17 breaches. A total of 11 cases were of this nature each affecting different numbers of individuals, ranging between three and more than 1,000.

In almost all cases, the potentially affected individuals were informed following the breach with the exception of two incidents, affecting 48 and 160 individuals respectively, not meeting the threshold for communicating the matter with the customers. 

In both cases, basic personal information was thought to be involved however, after further investigation in each, either no evidence of customer impact was found or the customer data involved was so minimal it didn't meet the ICO's standards for disclosure.

Arguably the most serious violation affected four individuals in a case involving an HMRC staffer contravening departmental policy to access internal systems to locate their estranged wife and children - the affected individuals were informed in this case also and the staff member in question was dismissed, HMRC told IT Pro.

Other incidents involved sending one person's bank statements to the wrong person, in one case, and another involving HMRC breaking open a locked pedestal during an office move which led to the loss of "personal content" of one individual. 

"We take the protection of our customers’ information extremely seriously and continually monitor our systems and data to make sure that information is safe," HMRC told IT Pro in a statement.

Related Resource

Automating the modern data warehouse

Freedom from constraints on your data

Automating the modern data warehouseDownload now

"In some of these incidents, customer accounts were accessed using personal data that criminals could have obtained through a variety of methods, including breaches of other organisations’ security. We have established processes for when a customer record is affected by fraudulent activity by a criminal third party.

"We deal with millions of customers every year and tens of millions of paper and electronic interactions. Security and privacy are at the heart of our work. We investigate all security incidents, taking immediate action to reduce the possibility of recurrence," it added.

Elsewhere in the report, HMRC also said it has been engaging with the ICO not just in cases where it was legally required to do so. Regular collaboration between HMRC's data protection team and the ICO took place during this period, in addition to HMRC providing consultancy on new policies and legislation.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Senator reintroduces federal data protection bill
data protection

Senator reintroduces federal data protection bill

17 Jun 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022
Synology DiskStation DS2422+ review: A cube of great capacity
network attached storage (NAS)

Synology DiskStation DS2422+ review: A cube of great capacity

10 Jan 2022