Griffin Law has accused HMRC of “breath-taking incompetence” over 11 ‘serious’ personal data breaches that affected more than 20,000 people.

Last month HMRC published its annual report which outlines several data breach incidences.

According to the Kent-based law firm, the most widespread and serious personal data incident recorded in the report happened in May this year at the height of lockdown, when National Insurance number letters relating to 16-year-old children were sent out with incorrect details, impacting up to 18,864 members of the public.

"Human error is the leading cause of data breaches today. And given that people are in control of more data than ever before, it's also not that surprising that security incidents caused by human error are rising,” said Tim Sadler, CEO, Tessian. "That's not to say, though, that people are the weakest link when it comes to data security. Mistakes happen - it's human nature - but sometimes these mistakes can expose data and cause significant reputational and financial damage.

“It's an organisation's responsibility, then, to ensure that solutions are put in place to prevent mistakes that compromise cybersecurity from happening - alerting people to their errors before they do something they regret."

A HMRC spokesperson said: "We deal with millions of customers every year and tens of millions of paper and electronic interactions. We take the issue of data security extremely seriously and continually look to improve the security of customer information. We investigate and analyse all security incidents to understand and reduce security and information risk. We actively learn and act on our incidents."

Share Story: