November 20, 2007
Taxman loses sensitive personal data on 25m people
Tax chief quits and 7.2 million families warned to check their bank accounts for fraud after personal data lost in post
Alistair Darling made a statement to the Commons this afternoon about the security breach at the tax office
Image :1 of 2
Nico Hines and Philip Webster, Political Editor of The Times
The personal and bank details of 25 million people - almost every child in the country as well as their parents and carers - have been lost by HM Revenue & Customs, the Government admitted today.
Names, addresses, dates of birth, employment and bank details all went missing when two CDs containing the information were mislaid.
Alistair Darling told the House of Commons that the discs containing the highly sensitive information failed to arrive after they were sent in the ordinary internal mail between government departments.
MPs gasped as they heard the scale of the catastrophic breach of security guidelines.
Related Links
Q&A: what to do now
Data 'fiasco' leads to calls for law changes
Factfile: the taxman's mistakes
The Chancellor admitted that HMRC had made the same mistake on several occasions in the past six months.
Mr Darling said that he was informed of the security breach ten days ago and, four days later, asked the police to investigate.
Paul Gray, the chairman of the Revenue, resigned today as the blunder became public knowledge and Opposition leaders have called on the Chancellor to consider his own position.
George Osbourne, the Shadow Chancellor, attacked Mr Darling for "lurching from one crisis to another" during his reign at the Treasury.
“Let us be clear about the scale of this catastrophic mistake,” he said. “His department has compromised the security and safety of every family in the land.”
Derisive laughter from MPs had met Mr Darling's admission: "I regard this as an extremely serious failure.". He advised every parent who claims Child Benefit to look very closely at their bank statements in the coming weeks for signs of fraud or identity theft.
The Chancellor said: “The whole House will agree that the way in which this has been handled was inexcusable. HMRC has well laid down established procedures which were breached. There is no excuse whatsoever for breaching these.”
On October 18, CDs carrying the personal details of every Child Benefit claimant were sent to the National Audit Office by a junior member of HMRC. The package was not recorded or registered.
When it was discovered that those CDs had never reached their destination the information was posted again – this time by recorded delivery, but still against protocol.
The loss was not reported to senior Revenue management until November 8 - three weeks later. Mr Darling said he was informed on November 10 and, on November 14, he ordered the police to be called in.
An identical lapse in security procedure was detected at the HMRC in March. On that occasion the CD happened to reach the NAO safely. The Data Protection Act, passed by the Labour Government, demands that far more stringent security measures are put in place.
Vince Cable, the acting Liberal Democrat leader, said: “The Treasury and its agencies have replaced the Home Office as the department in government which is most ‘unfit for purpose’."
Related Links
Q&A: what to do now
Data 'fiasco' leads to calls for law changes
Factfile: the taxman's mistakes
The Chancellor claims that the delay in publicising the latest error was requested by the banks who wanted to prepare their response before alarming the public.
He sought to assure potential victims of identity theft that they would be recompensed in the event of any bank account losses.
Mr Darling announced that the Independent Police Complaints Commission, who monitor the HMRC, would launch an investigation into the loss, but insisted: “There is no evidence this data has reached the wrong hands. There is no evidence of fraud or criminal activity.
“Banks and building societies are putting in place safeguards to protect people’s accounts. No one will suffer any loss if they are an innocent victim of fraud.”
The Metropolitan Police confirmed it is investigating the lost data and reports have suggested that police visited Child Benefit offices in Waterview Park, Tyne and Wear. A Scotland Yard spokesman said it was assisting Northumbria Police with the inquiry.
The scale of the scandal made it virtually inevitable that Mr Gray, who is highly thought of in Whitehall, would resign.
In his resignation letter, circulated to all Revenue staff, he wrote: "I am announcing today that I will be standing down as HMRC Chairman as a result of a substantial operational failure in the Department.
"This is not the way I would have planned to organise my departure from HMRC. I had hoped to be around for a while longer and to have had the continuing privilege of leading HMRC towards the vision we have been developing.
"But I am extremely proud of what all of you in the organisation have achieved during my time as Deputy Chairman and Chairman."
Security experts said the magnitude of the latest breach was unprecedented. Simon Davies, a senior visiting fellow at the London School of Economics who specialises in data security, said it was "spectacular, an example of the very worst practice possible".
He went on: "There is no way this amount of information should ever be committed to a single disk or computer."
This is not the first time security practices at HMRC have been called into question.
Related Links
Q&A: what to do now
Data 'fiasco' leads to calls for law changes
Factfile: the taxman's mistakes
Last month 15,000 Standard Life customers were told that they could be at risk of fraud after a disk containing personal information on taxpayers went missing between the Revenue and the company's headquarters in Edinburgh.
The disk contained names, national insurance numbers, dates of birth and other pension details of Standard Life customers.
The Revenue routinely copies taxpayers' personal information on to disks that are then sent via courier from its Newcastle office to companies that manage pension accounts.
There are also reported cases of tax rebates being sent to the wrong address and of recipients using the information to commit identity fraud.
In 2005, there were almost 2,000 reported cases of national insurance numbers being used by more than one person.
HMRC is one of the newest government departments, it was formed by the merger of HM Revenue and Customs and Excise in 2005.
It was immediately ordered to trim 25,000 of the 94,000 total staff, cutting costs year-on-year, while it was simultaneously ordered to improve services.
Only last month the Institute of Chartered Accountants (ICA) delivered a damning verdict saying the two targets were at odds.
"It seems to us that HMRC is struggling to try and meet them both and that something has had to give in the meantime, namely the quality of HMRC’s services," said an ICA report.
The giant department collects taxes and other Government receipts worth around £400 billion a year.
Enviado: 20/11/2007 20:16