HM Revenue and Customs (HMRC) has sought extra money from the Treasury to improve IT security after the loss of data on child benefit claimants.
Directors need to make a series of technical changes and improvements to processes to improve IT security and its management.
The request for more money is awkward for HMRC after it was proud to tell MPs in January 2008 that it had managed to save more money than the target set for it under a government efficiency review. In 2004, the government set HMRC a target of £507m to be saved by the end of March 2008.
But HMRC told the House of Commons that by 1 December 2007 it had already saved £533m. This was mostly achieved by cutting about 14,000 staff.
Now it has emerged that HMRC has been on a trajectory to spend more than its financial allocation in the year 2007/08.
And HMRC has submitted a request to the Treasury for more money after the "data security incident". In October last year an HMRC official put two CDs containing details of child benefit claimants in an envelope and sent it by courier to the National Audit Office. The CDs have been missing ever since.
Anyone finding them would need only to break a short password on Winzip files version 8 to see the unencrypted personal data and bank account details on 25 million people. Now HMRC officials say they have upgraded to 256-bit encryption with at least a 20-character password.
Data security is now top IT priority - before data resilience was a top priority.
HMRC's directors were told the request to the Treasury for extra resources was to "assist in taking actions to re-balance risks resulting from change, which have been put into a different relief following the recent data security incident".
HMRC's board was told on the request that extra money, "Discussions are under way with ministers and Treasury officials."
Asked about the request for extra money, a spokeswoman for HMRC said, "Each year HMRC allocates its budget to priority areas, including data security. We are agreeing funding for the coming year that allows us to address infrastructure needs, Capability Review requirements and our all-round performance."