HM Revenue & Customs puts 15,000 at risk of fraud


HM Revenue & Customs puts 15,000 at risk of fraud

Nick Booth

A CD containing personal data on 15,000 people has been lost by HM Revenue & Customs (HMRC) putting them all at risk of exploitation.

The disc was meant to be sent from the revenue office in Newcastle to insurance company Standard Life's headquarters in Edinburgh. But the confidential record of names, National Insurance numbers, dates of birth and pension data never arrived at its intended destination.

Now, having lost the data, HMRC and Standard Life are warning those at risk to be "vigilant".

It has emerged that HMRC routinely sends CDs containing personal data on taxpayers to the insurance companies that hold their pensions by courier. In this instance, in September, the courier lost the package.

However, John Gill, Standard Life's director for customer services, appeared unconcerned. "We have seen no indications of any suspicious activity," he said.

Warning letters have only now been sent to customers by HMRC and Standard Life, five weeks after the data breach occurred.

One customer, named as Carolyn, was not impressed by the loss of data. The delay in informing customers made things even worse, she argued.

"This happened at the end of September and it is a month before notification.

"They are saying that addresses were not on there, but if someone has your surname and date of birth it is not that difficult to track you down."

An investigation by the BBC's Money Box programme has now found that a second CD, from an unnamed firm, has gone missing from HMRC.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy