Britain's HMRC Tax Agency Admits Numerous Data Breaches

The British tax collection agency, Her Majesty's Revenue and Customs (HMRC), has disclosed a total of 17 data breaches to the Information Commissioner’s Office (ICO) over a 15-month period.

Over the period between January 2020 and March 2021, more than 3,000 individuals have potentially been affected, with the most impactful incident occurring in June 2020, when the department used personal information to make unauthorised changes to customer records.

Basic personal identifiers such as name and contact details were used during the incident, which potentially affected 1,023 individuals. The report indicates the impacted customers were informed of the incident.

During 2020 to 2021, there was a significant increase in criminal attacks on the Self Assessment repayment system, according to HMRC's annual report. “As criminals make more sophisticated attacks upon our systems, we have worked to further improve and strengthen our controls to sustainably reduce the level of attempted fraud and its impact on legitimate customers. In 2020 to 2021 over £1.5 billion of Revenue Loss was protected through the SA Repayment System,” says their report.

“Cyber security has proved more challenging, as we continue to implement protections against the evolving threat from cyber criminals, ensuring a high order of IT resilience and system security, whilst delivering new essential services for customers throughout the COVID-19 pandemic. Our programmes are delivering mitigating solutions that reduce the exposure of our cyber security risk to within acceptable levels, but we continue to closely monitor this risk.”

Cases in which cyber criminals used personal information to make changes to customer records without proper authorisation formed the bulk of the 17 breaches. A total of 11 cases were of this nature, each affecting different numbers of individuals, ranging between three and more than 1,000.

In almost all cases, the potentially affected individuals were informed following the breach. The exceptions were two incidents, affecting 48 and 160 individuals respectively, which did not meet the threshold for communicating the matter to the customers. In both cases, basic personal information was thought to be involved; however, after further investigation in each, either no evidence of customer impact was found or the customer data involved was so minimal it didn't meet the ICO's standards for disclosure.

According to the ICO, the tax agency failed to obtain consent for the use of recorded voice messages and other personal biometric data of taxpayers.

HMRC says it blames some of the security incidents on human error and intends to improve staff training and education to reinforce good security and data-handling processes. “We do this through mandatory security training covering the Data Protection Act and UK GDPR and through targeted and department-wide education and communications campaigns,” says the report.

Gov.UK, Information Commissioner's Office, DIGIT, ITPro, Verdict
