Gray Tuesday for HMRC: Chairman resigns over data breach

Paul Gray, chairman of HMRC, has resigned after the admission that HM Revenue and Customs has lost the confidential details of up to 25 million individuals from 7.5 million families claiming child benefit.

The chancellor, Alistair Darling MP, admitted in a statement this afternoon that the data went missing when a “junior official” at HMRC sent two CD-ROMs to the National Audit Office using HMRC’s internal courier, TNT.


Comments

"Affected account holders were urged to monitor their accounts"

AnonymousUser

Err... And how are you supposed to know if you are an affected account holder?

pouring in

dahowlett

Complaints are pouring in to the BBC Have Your Say site. I counted 1500+ in under 2 hours. By 6.30 it was up to 2.7K.

How you know if you're affected ...

silicondale

If 25 million, there's a 50:50 chance. If you have any children it seems that makes it a 100% chance.

And they want us all to trust them with our personal details for the ID card scheme. As far as I'm concerned, that's now a dead duck, if it wasn't before.

Personal information....

John Savage

And this shower in Government, in pursuit of their mythical "war on terror", wish us to divulge all our personal information to them for their outrageous ID card nonsense, and even this week they have proposed we give them 53 items of personal information, including such things as our credit card details, when we just wish to go on our holidays to Spain!! This information then to be shared around many of their departments which seem to employ illegal workers as security guards.

Trustworthy is an alien word to describe these clowns.

Questions

Peter Tucker

Why on earth does anyone within HMRC, junior, middle-ranking or senior management, think that it is acceptable to copy an ENTIRE database onto CDs?

Why does HMRC insist on electronic data transfer for PAYE End of Year data, but apparently does not use such a system itself?

Why is it always a junior member of staff that is to blame? Is the concept of managing junior staff foreign to HMRC?

How many mistakes, errors, inaccuracies, failures to correct and general mismanagement have to occur before HMRC senior management get their marching orders?

These and many more questions will be answered in the next episode.

I'm off

Anonymous

That's it - I'm closing my account with HMRC and moving to Northern Rock.

why did he resign?

listerramjet

was it because of this incident, or was it because of the other incidents reported over the past twelve months, or was it to take the sting off Darling and Brown, or did he see it as a good excuse to get out of the madhouse?

And is there a lesson here for that poor chap at the Met?

We will all pay the price

bobhurn

Doubtless the Government's response to this will be new legislation compelling us all to spend a small fortune on encryption "to protect the public" whilst of course doing nothing themselves.

The problems run a lot deeper than this lost data, Standard Life data and stolen laptops. An air of contempt exists in HMRC in their dealings with taxpayers and agents and it appears that this attitude extends to their responsibilities to protect data. Of course, to individuals within HMRC there is, in reality, no responsibility, as they know that however bad their mistakes a template apology letter will be issued and no further action taken.

It is clear that a large number of staff in HMRC are demoralised and this appears to have given rise to the attitude of mind that causes them to ignore legislation and clients' rights of appeal, and to see misleading taxpayers and agents as acceptable working practice. In the last week alone we have received a CIS gross payment rejection 30 days after the date of the letter (timing out any appeal) and an inspector refusing to list an appeal for the Commissioners as he didn't feel it was within their remit. Obviously we will let neither of these cases rest, but why have they decided that taking such a hard line and unethical approach to their work is the best way of "working together"?

Can we trust government system design?

adam.arca

I certainly agree with all comments below, but there does seem to be yet another aspect to this...

I probably know just enough about database design to be dangerous to myself, and my thoughts may be naive and end up being shot down in flames.

However, I would have thought that a fundamental of protecting personal details would be to keep them separate. So, a store of bank details should only contain bank details and unique references for each line of data. The only way of making that store useful would be to also have access to the separate store with the same references which also listed NI numbers, and the other store which also listed names and the other store which also listed addresses etc etc.

It appears that the Revenue just store all this sensitive data together which is really making any thief's job far too easy. Are we to assume they would adopt the same "let's make it easy" approach over a "let's be secure" approach when (hopefully, "if") they build the national identity register?
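
The separation adam.arca describes, as an added illustration in Python (not code from this page, and not HMRC's schema): each category of personal data sits in its own store keyed only by a random reference, and the one table that links references back to a person is held apart from all of them. The names, NI numbers and field layout below are constructed for the example.

```python
import secrets


class SplitStores:
    """Each category of personal data lives in its own store, keyed only by a
    random reference; the index that ties references back to a person is a
    separate store held elsewhere. Constructed example, not HMRC's schema."""

    def __init__(self):
        self.identity = {}   # ref -> (name, ni_number)
        self.addresses = {}  # ref -> address
        self.bank = {}       # ref -> (sort_code, account_no)
        self.index = {}      # ni_number -> ref, kept apart from the three above

    def add(self, name, ni_number, address, sort_code, account_no):
        # The reference is random, so it reveals nothing on its own and cannot
        # be derived from the NI number or any other identifier.
        ref = secrets.token_hex(16)
        self.identity[ref] = (name, ni_number)
        self.addresses[ref] = address
        self.bank[ref] = (sort_code, account_no)
        self.index[ni_number] = ref
        return ref

    def export(self, store):
        """What a copy of one store would hold if it went out on its own."""
        return dict(getattr(self, store))

    def lookup(self, ni_number):
        """Reassembling a record needs the index plus all three stores."""
        ref = self.index[ni_number]
        name, _ = self.identity[ref]
        sort_code, account_no = self.bank[ref]
        return {"name": name, "ni_number": ni_number,
                "address": self.addresses[ref],
                "sort_code": sort_code, "account_no": account_no}


def leaked_bank_store_identifies_anyone(stores):
    """True if a copy of the bank store alone contains any name or NI number."""
    names = {n for n, _ in stores.identity.values()}
    nis = {ni for _, ni in stores.identity.values()}
    for ref, fields in stores.export("bank").items():
        if any(v in names or v in nis for v in (ref,) + fields):
            return True
    return False


def build_demo():
    stores = SplitStores()
    # Constructed sample records; the NI numbers only follow the shape of real ones.
    stores.add("Sarah Smith", "AB123456C", "12 High Street, Leeds", "12-34-56", "12345678")
    stores.add("James Jones", "CD654321A", "3 Mill Road, Exeter", "65-43-21", "87654321")
    return stores
```

The split only buys anything if the reference is random and the index is never shipped alongside the stores. If the linking key were the NI number itself, a copy of the bank store on its own would still be a list of identified accounts.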

Lack of training

AnonymousUser

At a meeting recently two senior revenue employees told the course that staff manning the call centre telephones get just 6 weeks training. Enough said.

Basic security

bobhurn

Why does "a junior member of staff's PC" have a CD drive? It would be easy to order PCs without CD, DVD or USB drives. I know hindsight is 20/20, but I would expect HMRC IT security to have foresight.

The cynic in me says....

Anonymous

He resigned because he's probably only a few years from retirement, and by resigning now he has secured his final salary pension based on his salary of about £200k.

So why bother working through all that hassle and taking the rap for this when he can simply slink off and enjoy a few years giving lectures at £10k a pop until his pension kicks in?

Amazing double standards

Anonymous

The government tell us to shred everything, not divulge anything and not to tell anyone about our bank details. They tell us that bank fraud is growing and that we should do everything to protect ourselves.

The banks offer useless 'fraud' insurance to maximise profits and make you jump through hoops and basically accuse you when you call them with a suspected credit card fraud or phantom cashpoint withdrawal.

Now, all of a sudden, Darling says it doesn't matter. No need to close your account, nothing to worry about, carry on as you were. Plus he says the banking code will protect you. Anyone who's had to deal with a fraudulent attack on their bank account will know it can take months for the bank to pay you back, if at all.

The Innocent have nothing to fear

MikeBellisimo

I'm just totally stunned by the disregard for the people represented in the data and the apparent disregard for the Data Protection Act.

25 million records does not just fall onto a CD, it requires a bit of effort probably from someone in the IT department and probably will take a couple of days to do.

For it to happen at all requires a chain of command to pass down the orders. Which is bad enough.

That it can be sent via internal mail as unsecured data just beggars belief. There are plenty of ways of securely transmitting data of this volume around and "a cd is in the post" is not on that list.

It's beyond incompetence, they just don't seem to care about the people they exist to serve.

Can you imagine what the value of those CDs is on the criminal market? IF the CDs are in the wrong hands (and there is no evidence either way) then the data could be bundled up and fed out in small-value lumps for years to come.

HMRC, by its sheer incompetence, may well end up being responsible for the largest spate of identity theft EVER.

Yet we are supposed to believe that the Child Protection Register or an ID Card database would be secure...

Complain about every loss of post

AnonymousUser

This loss of data is headline news because it affects 25 million people, but every loss of a tax return by HMRC is as important for the individual taxpayer concerned, especially where the return includes bank account details for repayments to be paid into.

I heard Richard Thomas, the Information Commissioner, on Radio 4 this morning say he will be investigating the loss of data by HMRC and that it was almost certainly a criminal offence. If the two CDs lost in the post constitute a criminal offence then surely every single item of lost personal data, i.e. every loss of a tax return form by HMRC, is a similar criminal act.

I think we all have a responsibility to report every such criminal act to the Information commissioners office (ICO) so he has an idea of the real scale of the problem. Contact the ICO at: http://www.ico.gov.uk/

Things weren't as bad in my day!

hwillia2

Two points come to mind:
1 Why has no blame been aimed at the courier in all this?

2 Things haven't just got worse at HMRC. Back in 1978, I chanced to look out of my office window over to the Inland Revenue's buildings to see taxpayers' files in freefall from an open window onto a glass roof. We rang to tell them and they then proceeded with a hosepipe to attempt to wash them onto the ground.

In the same month we received a request that we photocopy an entire client's file as they had "mislaid it". Shortly after we received another call, telling us that this was no longer necessary as they had found it!

Ah, bring back the days when the Revenue were so transparent and relations were so cordial!

TNT are not at fault

Anonymous

TNT can hardly be blamed for their customer's lack of security protocol.

They could just as easily have lost a Christmas card or an envelope with a form in, and there'd be no outrage; things do go missing from time to time, in the office and in the postal system.

No, the blame lies with HMRC for allowing a simpleton to run off a large data stream, burn it and then post it in an envelope without checks, security or anyone's knowledge.

Spot on!

Nick Graves

Robert Hurn has it spot on with his "attitude of contempt" comment.

I have a client setting up in China, who was shocked how straightforward and unbureaucratic he found the process, in direct comparison to setting up over here.

I think the day of the "taxpayers' strike" draws ever closer...

Companies House are at it as well

AnonymousUser

Not to be outdone by HMRC, Companies House are at it as well.

This morning I received a whole bunch of information regarding a company I do not even represent, even though the letter was addressed to me as Company Secretary of a company which I do represent.

It contained copies of signed resolutions and the Articles and Mems, which could easily be used to "take over the identity" of the Limited Company.

Companies House response was a polite request to send the information back, and apologised for their error. My response was unprintable - needless to say local MP has been informed.

This whole situation is now getting seriously out of control, and I'm damn sure we were much safer before this bunch of incompetents got into power.

Junior?

KTS

I would be interested to know just how "junior" the member of staff is. Are we seriously to believe that the NAO are requesting information from junior levels, presumably below Inspector level, and that this is automatically provided without any reference to a more senior level of management? On 3 separate occasions??? I find it very hard to believe that would be the case or that a "junior" member of staff would be dealing with the NAO to start with, let alone the same junior member each time.

If this is the case then I would be very interested to know what security checks the Inland Revenue carry out on their staff before they employ them. It is quite frightening to think that junior levels of staff have access to that level of sensitive information regarding such a large number of taxpayers! Anybody wishing to carry out identity fraud will no longer need to go to the measures of trying to hack secure accounts or obtain information from other sources - simply apply for a job with the Inland Revenue, copy some information onto a cd and you have everything you need. There appears to be no way that anyone would even be aware of what you've done. In addition, knowing that any "junior" member of staff can obtain details of the names, addresses and dates of birth of your children makes me hope that any references obtained when applying for a job with the Revenue will in future include a police check at the very least.

I know the NAO are currently being shown as relatively blameless in this but at the point at which they received the first cd of information back in March, presumably by unregistered post, why did they not realise that this should not be received this way and inform a more senior member of staff of the problem at that point? Based on the lack of reaction from the NAO I find it very hard to believe that this is an isolated incident and would not be in the least bit surprised to discover that confidential information is sent via this manner on a regular basis. From personal experience I have been sent the Revenue's own file for a client, including all original documentation, through the normal postal service without any tracking and in that case they not only failed to inform me they had sent it but have never contacted me to check whether it was received!

And the Chancellor believes that to counteract all of this we should all carry ID cards so we can prove who we are when they next give our information away to anyone who looks in the right bin.

2 CDs...??

John Savage

Can the clever computer buffs on this site tell us whether it is actually possible to fit 25 million sets of personal details (and 7 million family details) on to 2 CDs please? Perhaps these were DVDs which were copied, but it does pose an interesting question.

One of my clients hit the nail on the head this morning, we're being told to check no odd withdrawals are being taken from our accounts, but if these details have fallen into criminal hands, then surely they could be sold off a few thousand records at a time, over many months or years.

So it seems that those people who could be affected will be checking for a long long time yet.

And we are supposed to give all our personal and private details to this Government for ID cards?? Many say to me "If you've nothing to hide then you've nothing to fear." Well, this is the very reason why that argument is so false - I say "We have everything to fear"!!!

answer to John Savage's question

listerramjet

The actual information is somewhat garbled, but it would appear there are c.25M records comprising subsets of children and the parents/guardians who actually receive the benefit, and there are a small number of fields comprising stuff like name, address, NI number plus bank account details for the 7 million recipients.

It is also not clear what format the data was in, but presumably something that the NAO can read, so probably it is a csv file or a database. In either case I would guess they zipped it (and passworded the zip), in which case the zip program would deal with spanning the data over the required number of CDs. In which case 2 CDs would not be unreasonable.
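
A way to put numbers on the "2 CDs" question, as an added example that is not part of listerramjet's answer or any HMRC material: build a synthetic extract in the shape the answer describes (one row per claimant with bank details, one row per child linked to a claimant by NI number), measure bytes per row in CSV, compress with zlib as a stand-in for zip's deflate, and scale up to 25 million records against the 700 MB capacity of a CD-R. Every field value, the vocabulary lists and the children-per-family mix are constructed; the real file layout is unknown.

```python
import csv
import io
import math
import random
import zlib

CD_BYTES = 700 * 1024 * 1024   # nominal capacity of a 700 MB CD-R

# Small vocabularies so the synthetic text repeats a little, as real data does.
FIRST = ["Sarah", "James", "Emma", "David", "Laura", "Paul", "Claire", "Mark",
         "Helen", "Andrew", "Lucy", "Peter", "Rachel", "John", "Amy", "Robert"]
LAST = ["Smith", "Jones", "Taylor", "Brown", "Williams", "Wilson", "Johnson",
        "Davies", "Robinson", "Wright", "Thompson", "Evans", "Walker", "White"]
STREET = ["High Street", "Station Road", "Church Lane", "Park Avenue",
          "Mill Road", "Victoria Road", "The Green", "Queens Road"]
TOWN = ["Leeds", "Bristol", "Norwich", "Cardiff", "Derby", "Swindon", "Exeter"]


def _ni_number(rng):
    # Shape of a National Insurance number only (two letters, six digits,
    # one letter); these values are constructed, not real.
    return ("".join(rng.choice("ABCEGHJKLMNOPRSTWXYZ") for _ in range(2))
            + f"{rng.randrange(10**6):06d}" + rng.choice("ABCD"))


def _date(rng, first_year, last_year):
    return (f"{rng.randrange(first_year, last_year + 1)}-"
            f"{rng.randrange(1, 13):02d}-{rng.randrange(1, 29):02d}")


def claimant_row(rng):
    ni = _ni_number(rng)
    postcode = (f"{rng.choice('BLNMSE')}{rng.randrange(1, 40)} {rng.randrange(1, 10)}"
                f"{rng.choice('ABDEFGHJLNPQRSTUWXYZ')}{rng.choice('ABDEFGHJLNPQRSTUWXYZ')}")
    return [f"{rng.choice(FIRST)} {rng.choice(LAST)}",
            f"{rng.randrange(1, 200)} {rng.choice(STREET)}", rng.choice(TOWN), postcode,
            ni, _date(rng, 1960, 1989),
            f"{rng.randrange(10, 100)}-{rng.randrange(10, 100)}-{rng.randrange(10, 100)}",
            f"{rng.randrange(10**7, 10**8)}"], ni


def child_row(rng, parent_ni):
    return [f"{rng.choice(FIRST)} {rng.choice(LAST)}", _date(rng, 1991, 2006), parent_ni]


def sample_extract(families, seed=7):
    """Two CSV files, as a database export might produce: claimants with bank
    details, and children linked to a claimant by NI number. Returns the raw
    bytes of each file and the number of data rows written."""
    rng = random.Random(seed)
    claimants, children = io.StringIO(), io.StringIO()
    cw, kw = csv.writer(claimants), csv.writer(children)
    cw.writerow(["name", "address", "town", "postcode", "ni_number", "dob",
                 "sort_code", "account_no"])
    kw.writerow(["name", "dob", "parent_ni"])
    rows = 0
    for _ in range(families):
        row, ni = claimant_row(rng)
        cw.writerow(row)
        rows += 1
        for _ in range(rng.choice([1, 2, 2, 3, 3, 4])):   # about 2.5 children per family
            kw.writerow(child_row(rng, ni))
            rows += 1
    return claimants.getvalue().encode(), children.getvalue().encode(), rows


def estimate(total_records=25_000_000, sample_families=20_000, seed=7):
    """Scale a sample extract up to the reported record count and work out how
    many CDs it would take raw and after deflate compression."""
    claimants, children, rows = sample_extract(sample_families, seed)
    raw = len(claimants) + len(children)
    packed = len(zlib.compress(claimants, 9)) + len(zlib.compress(children, 9))
    scale = total_records / rows
    raw_total, packed_total = raw * scale, packed * scale
    return {
        "bytes_per_record": raw / rows,
        "ratio": packed / raw,
        "raw_gb": raw_total / 1e9,
        "packed_gb": packed_total / 1e9,
        "cds_raw": math.ceil(raw_total / CD_BYTES),
        "cds_packed": math.ceil(packed_total / CD_BYTES),
    }


if __name__ == "__main__":
    for key, value in estimate().items():
        print(f"{key:>16}: {value:.2f}" if isinstance(value, float) else f"{key:>16}: {value}")
```

With a few dozen bytes per row the uncompressed extract comes out around a gigabyte, which is already only a couple of CDs; after compression it fits on one. So the volume itself was never the obstacle, and the number of discs says nothing about how the data was protected.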

The 'junior' obviously did not read their own manual

AnonymousUser

HMRC even have an Information Disclosure Manual which covers how they should disclose information to external bodies. Look at para IDG65800
http://www.hmrc.gov.uk/manuals/idgmanual/IDG65800.htm
it says:
"If you receive a request for information from the NAO, you should ask them to provide a clear explanation of why they want to see the documents they have requested. You should then clear the disclosure with a senior manager. "

Are the IT Guys to Blame?

Peter Tucker

I understand that the "old" computer systems which were used by the Inland Revenue, as was, were designed such that each member of staff was given a certain level of access to the information on the Database.
This meant that JUNIOR staff had access to Individuals records on a one by one basis.

It also meant that requests from the NAO or any other body, legitimate or not, for a dump of the entire contents of a database could NOT be undertaken by junior staff. The request could therefore ONLY be dealt with by a SENIOR member of staff.

Good to know that the updating of HMRC Information Technology systems and equipment, at a considerable cost, has brought about such clever innovations, whereby junior members of staff can do anything.

I suppose we should be glad that the junior operative did not see fit to delete the entire database. Remember, an angry member of staff can be a dangerous member of staff.

PS
I have also been told that the NAO require the data to undertake statistical analysis. Why this cannot be undertaken on the actual database is a question that we may well find is not asked during the subsequent reviews which are to take place.
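
The distinction Peter Tucker draws between one-record-at-a-time access and a dump of the whole database, combined with the manual's requirement (IDG65800, quoted in an earlier comment) that an NAO request carry a clear explanation and senior-manager clearance, as an added Python example that is not HMRC's system: a single policy decides that per-record lookups are within a junior officer's own access, refuses a bulk extract unless a different, senior person has recorded a justification and approval, and writes every decision to an audit trail. The role names, the bulk threshold and the request shape are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed role ordering: higher number, more authority. Not HMRC's grades.
RANK = {"junior": 1, "senior": 2}
BULK_THRESHOLD = 100   # more records than this in one request is a bulk extract


@dataclass(frozen=True)
class Approval:
    approver: str
    approver_role: str
    justification: str   # the recipient's explanation of why they need the data


@dataclass(frozen=True)
class Request:
    requester: str
    requester_role: str
    recipient: str             # e.g. "NAO"
    record_count: int
    approval: Optional[Approval] = None


@dataclass
class DisclosurePolicy:
    audit: list = field(default_factory=list)

    def decide(self, req: Request) -> tuple[bool, str]:
        allowed, reason = self._evaluate(req)
        # Every decision is recorded, so a granted or refused bulk extract is
        # visible to someone other than the person who asked for it.
        self.audit.append((req.requester, req.recipient, req.record_count,
                           allowed, reason))
        return allowed, reason

    def _evaluate(self, req: Request) -> tuple[bool, str]:
        if req.requester_role not in RANK:
            return False, "unknown role"
        if req.record_count <= 0:
            return False, "empty request"
        if req.record_count <= BULK_THRESHOLD:
            return True, "per-record lookup within requester's own access"
        # Anything bigger is a bulk extract: the requester's own access level
        # is not enough, whatever their grade.
        a = req.approval
        if a is None:
            return False, "bulk extract requires recorded senior-manager clearance"
        if not a.justification.strip():
            return False, "bulk extract requires a clear explanation from the recipient"
        if RANK.get(a.approver_role, 0) < RANK["senior"]:
            return False, "approver is not a senior manager"
        if a.approver == req.requester:
            return False, "requester cannot approve their own extract"
        return True, f"bulk extract of {req.record_count} records cleared by {a.approver}"
```

Peter Tucker's point is that the older system enforced the per-record limit in the access levels themselves; a policy like this one is decorative unless the export tooling actually has to go through it, and the audit list is only useful if someone other than the requester reads it.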

aha but Madonna ...

KTS

.. gave birth to 2 of her kids in the USA and the other one was at a bring and buy sale so she wouldn't have automatically received the Child Benefit claim form while lying in Maternity Ward 10.

Now that would be interesting. Did Madonna go out of her way when she came back to her Mockney roots to get herself a Child Benefit claim form and fill it out in order to claim her tax free monthly allowance for her children?

I take your Madonna and I up you ...
a Richard Branson
a Kate Moss
a Kerry McFaddyn (and Boyband Brian)
and a J K Rowling (somewhat of a wizard move I think)

Just a few more stray thoughts

silicondale

1. What on earth do the NAO want the entire database for (including personal bank account details etc etc) ?
2. Do they even have the legal right to access this detailed data ?
3. Who else in government (or outside ?) also receives copies of HMRC databases on a routine basis ? Or occasionally ?
4. If HMRC staff can totally ignore procedures and safeguards which the government tell us they have - how many other departments at national or local level can also ignore similar safeguards and send our personal data to each other unsecured ?
5. If found to be criminally liable under the Data Protection Act, what will happen? Will HMRC just be fined like the Metropolitan Police were over the de Menezes shooting ? If so - we, the victims, are those who foot the bill. Surely the criminal liability extends to the entire chain of command from the "junior" officer who sent the CDs right up to the Chancellor and the PM ?
6. Even if the CDs themselves are found - how will we ever know that they haven't been copied in the meantime ?

DISGRACE

Anonymous

This is an utter disgrace: that HMRC, the guardian of our data (data protection), has provided the NAO with all this unnecessary information, and to lose it is a breach of duty of care and a total breach of trust. I do hope the Govt gets prosecuted for these breaches and gets its act together. What I would like to know, and likewise the rest of the people in the UK, is what other information has been supplied to other parties. I know for a damned fact that HMRC has sold my details to credit card companies and store cards, as I use a specific code for my name and have been receiving cold-calling letters from store cards and mail order companies.

This Govt should be dissolved and somebody else got in to run in its place. Someone where trust can be assured, as well as integrity.

This organisation needs to be audited from top to bottom with no restricted remits. The big 4 should be excluded from this exercise as they had a share of the gravy train one way or the other.

So who is affected?

RebeccaBenneyworth

Here is a good game. Who should be worried (apart from you or me)? Theoretical answer, any mum with kids under 16 (or maybe 18), plus older siblings of those kids, plus probably partners of the mums and any other "claimants".
Construct a list. Bonus marks for star quality.
here's your starters
Gordon Brown (wife and family)
Tony Blair (Cherie, et al)
Sarah, Duchess of York (Andrew, the girls)
Madonna (I claim the bonus spot prize)
Paul McCartney (Heather and little one) (Double points I think)
NOT David, Posh etc - not resident
BUT probably the others (spice girls I mean)
And a few other blokes who play football (allegedly)
Over to you.

Why Bank Account No's?

Anonymous

Whose idea was it to have all benefits paid into bank accounts?

I like this game...

KTS

I thought of some more...

Liz Hurley
Myleene Klas (what guy doesn't want her address and phone number?)
Freddie Flintoff
Charlotte Church (with Gavin)
Jude Law (Sadie Frost et al)
Ewan MacGregor
Martin Kemp with a free Pepsi & Shirley (but that might be showing my age)
Bob Geldof (he needs the allowance to feed other kids)
Jordan - great value as not only do you get Peter Andre but you get Dwight Yorke thrown in for free!

I despair...

Anonymous

http://www.hmrc.gov.uk/childbenefit/update-faqs.htm

See the heading to the final FAQ:

"Can I change my National Assurance Number to protect me from fraud?"

Needless to say, I am underwhelmed.

Gareth - please feel free to let the News of the World know about this...

[edit] It's been corrected. Not before I printed it off though...

Golden Hand Shake for Naughty Boy

Steve Hills

I wonder what kind of bumper package Paul Gray will manage to secure by being one of the first 25,000 job cuts.

HMRC recent failures

Gareth Beck

Hi,

AccountingWEB have been contacted by a national newspaper that is keen to get some examples of HMRC processes that have failed over the last couple of months for a piece that they are doing.

If you've got some examples and wish to contribute please let me know and I can either pass your contact details on or let you know theirs; the contribution can be anonymous.

Please email me on:
member-services@accountingweb.co.uk

Thanks,
Gareth

AccountingWEB - moderator

incompetence writ large

kevin9

Does Darling have the faintest idea what is going on? "Darling explained that Sir John Bourn at the NAO will look into its procedures...". I thought that Sir John resigned last week. In an interview yesterday Darling said that the ID card scheme would provide us with better protection against such incidents because it would be based on biometric data. Now I am not a techno boffin, but I would have thought that such biometric data would have to be stored on a central database; I think you can see where I am going. I am a father of children under 16 and a Standard Life pension holder, so I am not best pleased. The banking code is all well and good, but the banks bend over backwards to foist the blame on the customer with remarks like "You must have been careless with your details etc."
These days it seems to me that Ministers and Whitehall are totally out of step with living in the real world, care not one jot about the public and merely pay lip service to the jobs which they should actually be dealing with.

News update

John Stokdyk

AccountingWEB member Jack Harper alerted us earlier this afternoon that Dave Hartnett has been chosen as acting HMRC chairman.

After giving us his initial thoughts, our IT security correspondent Stewart Twynham has reflected on the underlying data protection issues at HMRC in his latest IT security diary entry, The tip of the iceberg.

We'll keep you posted on any further developments, and look forward to seeing what the News of the World comes up with on the subject.

John Stokdyk
Technology editor
AccountingWEB.co.uk

Can I change my NINO to protect me from fraud?

AnonymousUser

"The National Insurance Number is not an ID Number". What absolute rubbish. Lies, lies, lies. Of course it is. If HMRC want to trace a taxpayer/non-taxpayer they put the NINO in the Taxpayer Index and up the record comes on the screen. Pensions are paid out because the records under this number show how many contributions have been made (if you are lucky and they haven't made a cock-up) to decide on the likely level of State Pension. Perhaps they could explain what actually constitutes an ID Number? Somebody from the old DSS said that these numbers are given at birth and issued around age 14-15 years. It's also on Pension ID Cards for identification.

I was speaking to an ex-District Inspector friend today and we both think that these disks have fallen into the wrong hands. I am sure TNT have searched extremely thoroughly and the only possibility/probability of actual loss lies with them.

Just glad to be beyond child rearing age.

Gray Tuesday

anboyd

As a former HMIT, I find it inconceivable that a junior official could have been put in a position where he could have access to so much sensitive information without more senior approval.
No doubt the ensuing enquiry will show where the buck stops... probably short of the person ultimately responsible.
I hope the junior official concerned has adequate legal representation and manages to find other employment eventually... he's well out of HMRC if they're using him as a scapegoat for departmental inefficiency.
Apart from feeling some sympathy for the junior official concerned, I feel equally sad about Paul Gray's correct and honourable resignation, as all indications were that he was doing his best with a somewhat poisoned chalice. In practice, HMRC is very difficult to deal with nowadays... you can get a polite expert, or you can get an undertrained zealot... Who do you blame and how do you deal with the patchy responses?

I agree with Andrew

RebeccaBenneyworth

Paul Gray will be a sad loss - obviously he felt he had to go - but as Andrew said, he was shaping up very well and likely to take the tax authority forward in a way which was sensible for all involved in the tax system.

I saw that the Times is reporting (tongue in cheek) of a book running on his permanent replacement. Very long odds on Ken Dodd though.

However, there is a good candidate around: he has recently lost a very high profile job for which most people agree he wasn't really suited in the first place. I'm sure that if they move quickly they could snap him up for a modest price. There seems some poetic justice in naming him new chair of HMRC. (Mike Bassett was it... no, I think I've got confused somewhere)

This one made me laugh..

Anonymous

"If, as a direct result of this incident, you incur costs we will consider compensating them."

In other words if our total incompetence in dealing with your highly confidential information means that you are subject to fraud through no fault of your own whatsoever and you lose money we might think about saying sorry and paying you £50 for the "inconvenience"!

This is down to common sense and I am no IT / security expert

deltic1

There are those within the Inland Revenue who are being very well paid, either as consultants or directly, to prevent this from happening in the first place, particularly given the size and amount of data involved.

However, without knowing the size or nature of the CDs involved or the programs used to control it,

the above are probably very specialised given the amount of data involved and would need very determined expertise / criminals to be able to use it, I would hope. If not, then this is not just a very bad cock-up; if this is not the case it is as close to a catastrophe as the Inland Revenue could be, and it would therefore need a lot of time and effort etc. to bring software etc. up to date before other major changes are made to the tax system etc.

Or quite the other: a very good time for a full and proper, fair system that works to be put in place for at least the next five to ten years before dealing with the software issue.

EVEN MORE IMPORTANTLY THIS DOES REMIND ALL OF US
AND IT IS SOMETHING WE HAVE ALL BEEN GUILTY OF AT ONE TIME OR ANOTHER

NOT TO USE PIN OR PASSWORDS THAT MAY AND ARE OF COMMON KNOWLEDGE TO THOSE WHO DO NOT NEED TO KNOW THEM

most common to my knowledge being:

close family member names or dates of birth

home telephone numbers or house names where we live

national insurance numbers

and not to use the same PIN number / passwords for everything we use them for.

this is a very big reminder that this is very much the IT age to all of us

something which i think we all agree we very much have a love / hate relationship with etc

Paper tigers?

Anonymous

I know that many people are surprised that, with such a grotesque failure to observe the Data Protection Act, there has been no serious suggestion that anyone will be prosecuted under the Act.

The Information Commissioner has been wheeled onto a few radio programmes, basically to say 'tut tut' a few times, and wheeled off again. He has promised to 'ask searching questions of HMRC about their procedures.' Ooo-err....

Are the DPA and the IC really this powerless?