Her Majesty’s Revenue and Customs (HMRC) reported 17 serious data breaches to the Information Commissioner’s Office (ICO) between January 2020 and March 2021.
Griffin Law analysed the data from the HMRC’s Annual Report and Accounts and found that a total of 3,017 people were potentially impacted by personal data-related incidents.
The biggest event left 1,023 people impacted. It occurred when a HMRC staffer used personal information to make changes to customer records on HMRC systems without authorisation.
An alarming infringement saw a HMRC employee caught accessing an internal system to locate his estranged wife and children, potentially affecting a total of 4 people.
In another incident, a customer received details about his former partner when making a suspicious activity report request for information, potentially impacting the customer and his ex-partner.
The report also identified one breach where a customer’s lock pedestal desk was forced open during an office relocation, which resulted in personal identifiers such as ethnic origin and religious beliefs being exposed.
The most common breach, happening 11 separate times in this 15-month period, involved HMRC staffers using personal information to alter customer records on HMRC systems. These infringements impacted a combined total of 2,999 people, it said.
In the HMRC’s report, it said it had learnt lessons from the incidents and will strengthen its customer identity and authentication process.
Donal Blaney, Founder of Griffin Law commented on the breaches, stating: “HMRC wields draconian powers, and is increasingly out of control. This is further evidence that HMRC needs to be reined in. They think they’re above the law. They’re not.
“Such abuse of its powers, and such criminality, should be investigated to the fullest extent possible by the Information Commissioner and the police if taxpayers are to retain any confidence in HMRC.”
Copyright © 2021 FinTech Global
Copyright © 2018 RegTech Analyst