Cyber fears as HMRC declares 17 serious data breaches to ICO
Her Majesty’s Revenue and Customs (HMRC) has reported a total of 17 serious data breaches to the Information Commissioner’s Office (ICO) over a 15 month period, from January 2020 to March 2021.
The data, analysed by niche litigation practice Griffin Law, was revealed in HMRC’s recently published Annual Report and Accounts.
According to the report, a total of 3,017 people were potentially affected by personal data-related incidents.
In the largest incident, 1,023 people were potentially impacted when a HMRC staffer used personal information to make changes to customer records on HMRC systems without authorisation.
The most alarming infringement saw a HMRC employee caught accessing an internal system to locate his estranged wife and children, potentially affecting a total of 4 people.
In another family related data breach, a customer received details about his former partner when making a SAR (Suspicious Activity Report) request for information, potentially impacting the customer and his ex-partner.
During an office relocation, a customer’s locked pedestal desk was forced open, resulting in personal identifiers such as ethnic origin and religious beliefs being exposed.
The most frequent breach involved HMRC staffers using personal information to alter customer records on HMRC systems. This occurred on 11 separate occasions, potentially impacting a combined total of 2,999 people.
HMRC stated in the report that they have learnt lessons from the incidents and are using them to review and strengthen their customer identity and authentication process.
In spite of the breaches, HMRC stated in the report: “Protecting customer data is important to us and we monitor our processes continually to prevent recurrences. In addition, HMRC is delivering enhanced data security, governance and reporting across the department.”
A number of other personal data-related breaches were revealed but were not required to be reported to the Information Commissioner, instead being recorded centrally within the department.
Donal Blaney, Founder of Griffin Law commented on the breaches, stating: “HMRC wields draconian powers, and is increasingly out of control. This is further evidence that HMRC needs to be reined in. They think they’re above the law. They’re not.
Such abuse of its powers, and such criminality, should be investigated to the fullest extent possible by the Information Commissioner and the police if taxpayers are to retain any confidence in HMRC” he continued.
Security specialist Edward Blake, Area Vice President EMEA for Absolute Software said: “HMRC stores and manages countless quantities of sensitive data on a daily basis. This marks HMRC and similar public sector organisations and large institutions as prime targets on the radar of opportunistic cyber attackers. Large organisations and governmental departments must be privy to this fact, and employ the right protection and security tools to protect customers’ data which is at risk.
“Today there are more access points than ever before for the cyber criminal, and organisations must defend against all possible angles. This includes protecting everything from firmware and devices, to apps and network connections. Adopting ‘Zero Trust’ protocols is one of the most effective ways of stopping bad actors in their tracks, and ensuring that a breach in the system does not necessarily equate to a breach of data. Also, leveraging self-healing technologies to detect and repair unhealthy applications and connections for optimal security and experience is key to boosting network and application security, and negating risk.”
Tim Sadler, CEO and co-founder of Tessian, commented: “The majority of today’s data breaches are caused by people. Why? Because people make mistakes, break the rules and can be hacked. As employees handle and control more data than ever before, organisations must take steps to protect data from incidents caused by people if they’re ever going to stop breaches.”
More in Tech, IT & Comms
CloudKubed announces exciting growth plans and officially opens new office space...
Tech for good company CloudKubed has recently moved into new larger office space at Witney Business & Innovation Centre (BIC) to accommodate their rapidly growing team and accelerate plans to make Oxfordshire a technology hub. The Mayor of Witney, Owen Collins, was invited to celebrate and officially open the new office space.
Guiding the Development of AI Systems
Guiding the Development of AI Systems Artificial Intelligence (AI) continues to transform how we live, work, interact and access services. There is potential for it to bring multiple benefits to the global population. However, this is balanced by significant concerns that AI systems could turn into a sci-fi nightmare. So, how can AI development be […]
Intertronics acquires Dyne Testing
~ Surface measurement business now a wholly owned subsidiary of Intertronics ~
From this author
Blenheim’s CEO opens up on solar
The first B4 Platinum Quarterly held in the stunning Clementines on the South Lawn at Blenheim Palace encapsulated all that is good about a business community coming together to network. One of B4’s most loyal supporters, Blenheim Palace, played host to over 100 business leaders from across Oxfordshire providing fantastic hospitality and enabling brilliant conversations.
UKRAINIAN AMBASSADOR SALUTES SURREY-BASED INVESTOR CHRIS BAXTER FOR SUPPORTING UKRAINIAN BUSINESS –...
Firm builds innovative modular homes for his war-torn country
HENLEY FESTIVAL TO CHAMPION NEXT GENERATION OF ARTISTS WITH EXCLUSIVE AUDI...
5 – 9 July 2023 | henley-festival.co.uk | #AudiXHenley | @henleyfestival