10,000 HMRC customers potentially impacted by serious data incidents

10,896 HMRC customers have been potentially affected by data incidents reported to the Information Commissioner's Office (ICO) over the past 12-months.

In its latest annual report and accounts for 2021 to 2022, the government department revealed that on three occasions personal information was used to make changes to customer records on HMRC systems without authorisation.

There were 16 cases of unauthorised disclosure and one incident where there was a loss of inadequately-protected electronic equipment, devices or paper documents from secure government premises.

Two further incidents were not disclosed by HMRC.

The scope of impact for personal data related incidents has declined over the past year in comparison to 2020-2021, when 18,298 customers were potentially impacted. However, there were four more incidents recorded for the latest year.

HMRC said that this year it has implemented a Cyber Tactical Remediation Programme, moved a significant number of its services out of legacy data centre environments, and continued de-commissioning services.

“Due to the volume of staff that large organisations like HMRC employ, it is inevitable that data incidents are going to occur,” said Achi Lewis, area vice president EMEA for Absolute Software. “What’s crucial is that these organisations mitigate the volume of breaches as protecting customer data is vital.

“Staff training programmes are one aspect of the solution, and HMRC should be commended for taking this seriously. Arming staff with the knowledge of potential threats and the consequences of breaches can help them stay vigilant, and prevent potential losses before they occur, as well as being able to improve their reporting of these incidents.”

    Share Story:

Recent Stories


Bringing Teams to the table – Adding value by integrating Microsoft Teams with business applications
A decade ago, the idea of digital collaboration started and ended with sending documents over email. Some organisations would have portals for sharing content or simplistic IM apps, but the ways that we communicated online were still largely primitive.

Automating CX: How are businesses using AI to meet customer expectations?
Virtual agents are set to supplant the traditional chatbot and their use cases are evolving at pace, with many organisations deploying new AI technologies to meet rising customer demand for self-service and real-time interactions.