The UK tax office reported 29 system breaches over the course of 2023-2024, with over 35,000 individuals impacted.
These incidents were all considered ‘serious’, according to details passed to the Information Commissioner’s Office, and represent a significant increase on the previous year.
Up 60%, six of the incidents saw ‘personal data used to make changes to customer records on HMRC systems without authorisation. A further three incidents involved ‘loss of inadequately protected electronic equipment, devices or paper documents from secured government premises.’
Further to this, on two occasions losses of equipment occurred at non-government locations. Meanwhile, there were 14 instances of ‘unauthorised disclosure’. However, the report notes that around 1.5billion suspicious and malicious events and potential attacks are blocked by HMRC security protocols on a monthly basis.
We take all these incidents seriously and are acting to address them,’ the HMRC report stated. ‘We have used the lessons learned from these incidents to review and strengthen our customer identity and authentication processes. Protecting customer data is important to us and we continually monitor our processes to prevent recurrences. We are also delivering enhanced data security, governance and reporting across HMRC.’
The figures have been released amid a £200million upgrade programme, remediating systems to ensure full compliance with General Data Protection Regulations. By April, 76 IT systems had completed this process, up from 17 during the previous 12 months.
‘We take the protection of our customers’ information very seriously and monitor our systems and data to ensure information is safe,’ said a spokesperson for HMRC. ‘We investigate all security incidents and continuously invest in security systems to ensure they offer the latest protection. We are aware of our data protection obligations and are committed to meeting them.’
More online networks and computing:
Image: Markus Spiske
Leave a Reply