HMRC Reported 11 “Serious” Personal Data Incidents to ICO this Financial Year

HM Revenue and Customs (HMRC) has reported 11 “serious” personal data incidents to the Information Commissioner’s Office (ICO) in the most recent financial year, according to official figures.

As disclosed in its recent annual report, HMRC outlined that the incidents are estimated to have affected more than 23,000 people in total.

The most widespread and serious personal data incident recorded in the report occurred in May. In that instance, National Insurance number letters relating to 16-year-old children were sent out with incorrect details, impacting up to 18,864 members of the public.

The most severe incident occurred in February when a fraudulent attack resulted in 64 employees’ details being obtained from three PAYE schemes. Various personal info was leaked with 573 people said to have been impacted as a result.

Commenting on the report, HMRC said: “We deal with millions of customers every year and tens of millions of paper and electronic interactions. We take the issue of data security extremely seriously and continually look to improve the security of customer information. We investigate and analyses all security incidents to understand and reduce security and information risk. We actively learn and act on our incidents.”

Donal Blaney, principle at Griffin Law, added: “Taxpayers have a right to expect their sensitive personal data to be kept secure by the taxman. The Information Commissioner should immediately investigate HMRC for these breaches and hold the taxman to account for this breathtaking incompetence.”