The HMRC loses data on 25 million child benefit recipients

November 20, 2007 5:07 PM

It is hard to really get your head around just how complete the failure at the HMRC today is in losing the unencrypted records of 25 million recipients of child benefit.  These records include names, addresses, national insurance data and even bank account details.  There are a few things to remember about this:


  1. It is a collosal failure of management for supposedly junior staff to be able to so easily extract such large quantities of highly sensitive data.  Even worse that any of the HMRC's staff were not aware of how vitally important it is to treat data on the public with real care.

  2. Measures being taken by the banks to ensure that accounts are not exposed to fraud by this measure should prevent money being stolen but won't prevent the data being used for mass identity-theft if it does fall into the hands of criminals.

  3. HMRC has been put under huge institutional strain by the need to implement an incredibly complex tax credits system.  This new crisis could easily be the unintended consequence of failures in other Government policies implemented by the HMRC.

  4. This will further damage trust in the Government's ability to protect public data.  This should mark the end of any attempts to collect vast amounts of new data.  Plans for identity cards should be abandoned.

  5. It will also further weaken people's faith in interacting with major institutions electronically.  More might feel the need to, for example, suffer the inconvenience associated with not having a bank account.  If people are scared into keeping their money in cash instead of in a bank this could even create medium term problems for the banking sector.

  6. While banks will cover any money taken in fraud thanks to this incident, ordinary bank-customers will not lose out.  However, if that happens banks might well have good cause to pursue the government - whose incompetence created this problem - for compensation.  If this lost data were to be used to take money from bank accounts fraudulently the taxpayer could wind up paying the bill.

Matthew Elliott, Chief Executive of the TaxPayers’ Alliance, said:

“It's appalling that Revenue and Customs were so careless with the personal details entrusted to them. Taxpayers should have the right to be confident that their personal details are safe and secure, especially given the growing problem of identity theft. The incompetent way in which data is handled by HMRC will horrify everyone and 25 million individuals, families and businesses have had their trust betrayed. Secretaries of State are responsible for all the actions of their Department, so Alistair Darling should be seriously considering his position tonight.”

It is hard to really get your head around just how complete the failure at the HMRC today is in losing the unencrypted records of 25 million recipients of child benefit.  These records include names, addresses, national insurance data and even bank account details.  There are a few things to remember about this:


  1. It is a collosal failure of management for supposedly junior staff to be able to so easily extract such large quantities of highly sensitive data.  Even worse that any of the HMRC's staff were not aware of how vitally important it is to treat data on the public with real care.

  2. Measures being taken by the banks to ensure that accounts are not exposed to fraud by this measure should prevent money being stolen but won't prevent the data being used for mass identity-theft if it does fall into the hands of criminals.

  3. HMRC has been put under huge institutional strain by the need to implement an incredibly complex tax credits system.  This new crisis could easily be the unintended consequence of failures in other Government policies implemented by the HMRC.

  4. This will further damage trust in the Government's ability to protect public data.  This should mark the end of any attempts to collect vast amounts of new data.  Plans for identity cards should be abandoned.

  5. It will also further weaken people's faith in interacting with major institutions electronically.  More might feel the need to, for example, suffer the inconvenience associated with not having a bank account.  If people are scared into keeping their money in cash instead of in a bank this could even create medium term problems for the banking sector.

  6. While banks will cover any money taken in fraud thanks to this incident, ordinary bank-customers will not lose out.  However, if that happens banks might well have good cause to pursue the government - whose incompetence created this problem - for compensation.  If this lost data were to be used to take money from bank accounts fraudulently the taxpayer could wind up paying the bill.

Matthew Elliott, Chief Executive of the TaxPayers’ Alliance, said:

“It's appalling that Revenue and Customs were so careless with the personal details entrusted to them. Taxpayers should have the right to be confident that their personal details are safe and secure, especially given the growing problem of identity theft. The incompetent way in which data is handled by HMRC will horrify everyone and 25 million individuals, families and businesses have had their trust betrayed. Secretaries of State are responsible for all the actions of their Department, so Alistair Darling should be seriously considering his position tonight.”

Latest Blogs: