The news that HMRC have suffered yet another major security breach comes just three years after an HMRC employee lost a disc containing details of 25 million tax credit claimants.
The blunder came to light after a woman from Bedfordshire received post from companies such as Direct Line Insurance, Churchill Home Insurance, Sun Life Direct Funeral Care and Sky television using an incorrect surname which had previously only appeared on an HMRC database.
The Tory candidate for North East Bedfordshire has called upon the Information Commissioner, the regulatory body for personal data, in addition to the police and the Treasury for action to be taken.
“This must now be inquired into to protect perhaps millions of people.”
Charities, including Macmillan cancer support and the Dogs Trust, had also written to the lady in question but there is no evidence to suggest that these companies have acted improperly.
It is believed that HMRC installed a new computer system roughly a month before the junk mail began to arrive but it is not known how the companies obtained the information from the HMRC database.
An HMRC gave the following statement:-
“HMRC takes data security extremely seriously, and has comprehensive procedures and checks in place to protect customer data. We are bound by strict rules of confidentiality which prohibit the department from selling on customer details.
While we cannot comment on individual taxpayers, we’ll be happy to consider further correspondence on this matter, and will respond on due course.”
It seems that every week we hear a new story about another security breach from HMRC involving our confidential data, something which taxpayers are getting fed up with.
HMRC are always quick to defend their agency stating that they take data security very seriously but it just keeps on happening.
We never hear anything about the blunders afterwards and so, to the innocent taxpayers, it seems as though HMRC simply sweep it under the carpet and let it happen time and time again.
When will they actually do something to protect our data?