HMRC has reported 17 serious data breaches to the Information Commissioner’s Office (ICO) between January 2020 and March 2021.

In the government department’s annual reports and accounts publication, it revealed that these incidents impacted 3,017 people.

The largest incident, which took place in June last year, saw 1,023 customers impacted by a breach where personal information was used to make changes to customer records on HMRC systems without authorisation. This included basic personal identifiers such as name and contact details.

In one case, an HMRC employee accessed an internal system to locate his estranged wife and children.

The government department said that it had learned lessons from the incidents and used them to review and strengthen its customer identify and authentication processes.

It added that it is enhancing data security, governance, and reporting across the department.

“HMRC wields draconian powers, and is increasingly out of control,” commented Donal Blaney, founder of Griffin Law, which analysed the HMRC data. “This is further evidence that HMRC needs to be reined in. They think they’re above the law. They're not.”

Blaney added: “Such abuse of its powers, and such criminality, should be investigated to the fullest extent possible by the Information Commissioner and the police if taxpayers are to retain any confidence in HMRC” he continued.”

Share Story: