UK's Revenue and Customs loses 25 million customer records

UK's Revenue and Customs loses 25 million customer records

Computer discs containing the confidential information - including bank account details - of all 25 million child benefit recipients in the UK has been lost by HM Revenue and Customs (HMRC).

UK Chancellor Alistair Darling told MPs that two password-protected discs containing a full copy of HMRC's entire data in relation to the payment of the child benefit went missing while in transit from HMRC's headquarters in Washington, Tyne and Wear to the National Audit Office (NAO) in London in October.

The missing discs contain the confidential details of 25 million individuals - 7.25 million families - including children's names, addresses, dates of birth, National Insurance numbers and where relevant, bank and building society account details.

Darling said standard procedures were not followed by staff at HMRC as the package was sent by a junior official by courier, not by registered or recorded delivery. It did not arrive at the NAO.

The data was sent on 18 October and senior management at HMRC were told it was missing on 8 November. The chancellor was informed of the incidents on 10 November.

Darling said there was no evidence it had been used for fraudulent activity. The HMRC has set up a helpline for affected customers.

The chairman of HMRC Paul Gray has resigned in the wake of the security breach.

Meanwhile, London's Metropolitan Police are reported to be investigating the loss of the discs.

In a statement released in response to the incident, UK payments association Apacs says there is no evidence that the data has fallen into criminal hands nor that any fraud has been attempted as a result of this incident.

"Whilst this incident is extremely serious, at this stage customers should not be unduly concerned, as there's no evidence that the data has fallen into criminal hands," says Apacs chief executive, Paul Smee. "There is no need for customers to ask for a new account or to contact their bank or building society. There is no evidence of an increase in suspicious activity on those customers' accounts since the data was mislaid on 18th October."

Smee says in the event that anyone is the innocent victim of fraud as a result of this incident customers will be protected under the banking code and should not suffer any financial loss as a result.

Apacs says the details contained on the discs are not enough in themselves for an ID fraudster to access a bank account as additional security information and passwords are always required.

This is not the first security breach involving HMRC. Just earlier this month it was revealed that a CD containing confidential data for around 15,000 Standard Life customers had gone missing while in transit from HMRC to the insurer's headquarters in Edinburgh.

That followed an earlier incident in October when the HMRC reported that a laptop had been stolen containing data on up to 2000 people with investment ISAs. According to press reports a HMRC staff member had been using the PC for a routine audit of tax information from a number of investment firms.

Comments: (0)