
HMRC loses personal data for 25 million people in the post
Daily news headlines
LONDON – The chairman of the UK’s HM Revenue & Customs (HMRC), Paul Gray, resigned yesterday (November 20) after it was announced HMRC had lost the names, addresses, bank sort codes and account numbers for 25 million people.
Chancellor of the exchequer Alastair Darling – already under fire over his £24 billion Northern Rock rescue – admitted to parliament yesterday that the loss occurred over a month ago and that the government had known about the disks lost in the post since November 10.
It emerged that a junior employee sent the entire child benefit database on two CDs to the National Audit Office against all security protocol – they were then lost in the post.
UK police are making inquiries at HMRC, which does not believe the details have fallen into the hands of identity thieves. A single set of personal address and bank details could sell for £10 to £50 on the black market.
Gray – until his resignation one of the UK’s best-paid civil servants – might not have prevented political repercussions with his decision to take personal responsibility.
The impact of such lapses of security has been highlighted in recent years with high profile losses from a number of organisations, mainly in the US: “America has seen major security breaches in both the public and private sector,” says Jonathan Armstrong, partner at international law firm Eversheds. “Last year the US Department of Veterans Affairs, a government agency which deals with the payment of benefits to current and former servicemen in the US, lost data on 26.5 million people. Store group TJX, who own TK Maxx stores in the UK also lost the bank data of more than 90 million customers. Breaches involving the loss of audit data are also not uncommon - again in the US audit firms have been involved in incidents with the loss of over 240,000 records in a single breach.”
“The effect on the banking system should also not be underestimated,” he adds. “Some of the banks whose customers were involved in the TJX breach have started proceedings to recover their losses which they put at between $68 and $83 million. It is common in the US (where a different credit system exists) to pay for credit monitoring for all of those affected in addition to the actual losses suffered.”
HMRC was created in 2005, when the Inland Revenue and Customs and Excise institutions were merged to create the largest UK government department, cutting 25,000 jobs. “The HMRC breach will undoubtedly focus attention on the security procedures of the private sector as well as Government. Now is the time for businesses to update their response plans,” says Armstrong.
The news came as a study by CA and research consultancy YouGov highlighted growing fears in the UK about identity theft and the inadequate security of consumer details.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Regulation
How Finma milked Credit Suisse’s CoCos to close UBS deal
An unusual clause in Swiss AT1 bonds allowed them to be written off, but could others follow suit?
US banks race against time as Fed plays climate catch-up
Long-awaited US climate risk exercise puts tough pressure on banks’ data and models
EU banks need ‘billions’ in hedges to pass new NII test
Declines in net interest income can be hedged, but the markets may struggle to handle the demand
CFTC chair gloomy over crypto legislation prospects
FIA Boca 2023: Behnam also asks Congress to grant more powers to regulate third-party tech providers
Missing Basel metric could have revealed SVB risks
US regulators did not implement economic value of equity test that SVB failed badly in 2021
Strict term SOFR trading rules ‘permanent’ says Fed’s Bowman
Official says restrictions on use of term SOFR swaps “should not be expected to change”
Esma still wants more tools to tackle clearing crises
Even after Emir 3 draft, EU regulator would like more powers over both foreign and domestic CCPs
Club rules? How German retail trading venues shut out PTFs
Murky rule books prevent non-bank market-makers from competing for Europe’s growing online customer demand