IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

HMRC suffered 17 data breaches over 15 months

According to a recent report, the breaches affected more than 3,000 individuals

Her Majesty's Revenue and Customs (HMRC) disclosed a total of 17 data breaches to the Information Commissioner's Office (ICO) over a 15-month period, according to a new report

Between January 2020 and March 2021, more than 3,000 individuals have potentially been affected by the 17 data breaches at HMRC, with the most impactful occurring in June 2020 when the department used personal information to make unauthorised changes to customer records.

Basic personal identifiers such as name and contact details were used during the incident in which potentially affected 1,023 individuals. The report indicates the impacted customers were informed of the incident.

Cases in which cyber criminals used personal information to make changes to customer records without proper authorisation formed the bulk of the 17 breaches. A total of 11 cases were of this nature each affecting different numbers of individuals, ranging between three and more than 1,000.

In almost all cases, the potentially affected individuals were informed following the breach with the exception of two incidents, affecting 48 and 160 individuals respectively, not meeting the threshold for communicating the matter with the customers. 

In both cases, basic personal information was thought to be involved however, after further investigation in each, either no evidence of customer impact was found or the customer data involved was so minimal it didn't meet the ICO's standards for disclosure.

Arguably the most serious violation affected four individuals in a case involving an HMRC staffer contravening departmental policy to access internal systems to locate their estranged wife and children - the affected individuals were informed in this case also and the staff member in question was dismissed, HMRC told IT Pro.

Other incidents involved sending one person's bank statements to the wrong person, in one case, and another involving HMRC breaking open a locked pedestal during an office move which led to the loss of "personal content" of one individual. 

"We take the protection of our customers’ information extremely seriously and continually monitor our systems and data to make sure that information is safe," HMRC told IT Pro in a statement.

Related Resource

Automating the modern data warehouse

Freedom from constraints on your data

Automating the modern data warehouseFree Download

"In some of these incidents, customer accounts were accessed using personal data that criminals could have obtained through a variety of methods, including breaches of other organisations’ security. We have established processes for when a customer record is affected by fraudulent activity by a criminal third party.

"We deal with millions of customers every year and tens of millions of paper and electronic interactions. Security and privacy are at the heart of our work. We investigate all security incidents, taking immediate action to reduce the possibility of recurrence," it added.

Elsewhere in the report, HMRC also said it has been engaging with the ICO not just in cases where it was legally required to do so. Regular collaboration between HMRC's data protection team and the ICO took place during this period, in addition to HMRC providing consultancy on new policies and legislation.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Why convenience is the biggest threat to your security

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Microsoft successfully tests emission-free hydrogen fuel cell system for data centres
data centres

Microsoft successfully tests emission-free hydrogen fuel cell system for data centres

29 Jul 2022