Gray Tuesday for HMRC: Chairman resigns over data breach


Paul Gray, chairman of HMRC (pictured), has resigned after the admission that HM Revenue and Customs have lost the confidential details of up to 25 million individuals from 7.5 million families claiming child benefits.

The chancellor, Alistair Darling MP, admitted in a statement this afternoon that the data went missing when a junior official at HMRC sent two CD-ROMs to the National Audit Office using HMRC's internal courier, TNT. The disks contained full personal details of claimants and their children, including national insurance numbers and private bank details.

The chancellor explained that the information was sent on 18 October, but senior management at HMRC were n...


20th Nov 2007 18:11

"Affected account holders were urged to monitor their accounts"
Err... And how are you supposed to know if you are an affected account holder?

Thanks (0)
20th Nov 2007 20:55

pouring in
Complaints are pouring in to the BBC Have Your Say site. I counted 1500+ in <2 hours. By 6.30 it was up to 2.7K

Thanks (0)
20th Nov 2007 18:29

How you know if you're affected ...
If 25 million, there's a 50:50 chance. If you have any children it seems that makes it 100% chance.

And they want us all to trust them with our personal details for the ID card scheme. As far as I'm concerned, that's now a dead duck, if it wasn't before.

Thanks (0)
20th Nov 2007 19:29

Personal information....
And this shower in Government, in pursuit of their mythical "war on terror", wish us to divulge all our personal information to them for their outrageous ID card nonsense, and even this week they have proposed we give them 53 items of personal information, including such things as our credit card details, when we just wish to go on our holidays to Spain!! This information then to be shared around many of their departments which seem to employ illegal workers as security guards.

Trustworthy is an alien word to describe these clowns.

Thanks (0)
20th Nov 2007 22:51

Why on earth does anyone within HMRC, Junior, Middle ranking or Senior Management, think that it is acceptable to copy an ENTIRE database onto CDs?

Why does HMRC insist on electronic data transfer for PAYE End of Year Data, but apparently does not use such a system itself?

Why is it always - a Junior Member of Staff - that is to blame. Is the concept - management of junior staff - foreign to HMRC?

How many mistakes, errors, inaccuracies, failure to correct and general mismanagement have to occur before HMRC Senior Management get their marching orders?

These and many more questions will be answered in the next episode.

Thanks (0)
By Anonymous
20th Nov 2007 19:01

I'm off
That's it - I'm closing my account with HMRC and moving to Northern Rock.

Thanks (0)
21st Nov 2007 09:26

why did he resign?
was it because of this incident, or was it because of the other incidents reported over the past twelve months, or was it to take the sting off Darling and Brown, or did he see it as a good excuse to get out of the madhouse?

And is there a lesson here for that poor chap at the Met?

Thanks (0)
21st Nov 2007 09:59

We will all pay the price
Doubtless the Government's response to this will be new legislation compelling us all to spend a small fortune on encryption "to protect the public" whilst of course doing nothing themselves.

The problems run a lot deeper than this lost data, Standard Life data and stolen laptops. An air of contempt exists in HMRC in their dealings with taxpayers and agents and it appears that this attitude extends to their responsibilities to protect data. Of course, to individuals within HMRC there is, in reality, no responsibility as they know that however bad their mistakes a template apology letter will be issued and no further action taken.

It is clear that a large number of staff in HMRC are demoralised and this appears to have given rise to the attitude of mind that causes them to ignore legislation and clients' rights of appeal; and seeing misleading taxpayers and agents as acceptable working practice. In the last week alone we have received a CIS gross payment rejection 30 days after the date of the letter (timing out any appeal) and an inspector refusing to list an appeal for the Commissioners as he didn’t feel it was within their remit. Obviously we will let neither of these cases rest, but why have they decided that to take such a hard line and unethical approach to their work is the best way of “working together”?

Thanks (0)
21st Nov 2007 10:07

Can we trust government system design?
I certainly agree with all comments below, but there does seem to be yet another aspect to this...

I probably know just enough about database design to be dangerous to myself, and my thoughts may be naive and end up being shot down in flames.

However, I would have thought that a fundamental of protecting personal details would be to keep them separate. So, a store of bank details should only contain bank details and unique references for each line of data. The only way of making that store useful would be to also have access to the separate store with the same references which also listed NI numbers, and the other store which also listed names and the other store which also listed addresses etc etc.

It appears that the Revenue just store all this sensitive data together which is really making any thief's job far too easy. Are we to assume they would adopt the same "let's make it easy" approach over a "let's be secure" approach when (hopefully, "if") they build the national identity register?

Thanks (0)
21st Nov 2007 10:17

Lack of training
At a meeting recently two senior revenue employees told the course that staff manning the call centre telephones get just 6 weeks training. Enough said.

Thanks (0)
21st Nov 2007 10:23

Basic security
Why does "a junior member of staff's pc" have a cd drive, it would be easy to order PCs without cd, dvd drive or USB drives. I know hindsight is 20/20 but I would expect HMRC IT security to have foresight.

Thanks (0)
By Anonymous
21st Nov 2007 10:00

The cynic in me says....
He resigned, because he's probably only a few years from retirement and by resigning now he has secured his final salary pension based on his salary of about £200k

So why bother working through all that hassle and taking the rap for this when he can simply slink off and enjoy a few years giving lectures at £10k a pop, until his pension kicks in?

Thanks (0)
By Anonymous
21st Nov 2007 08:31

Amazing double standards
The government tell us to shred everything, not divulge anything and to not tell anyone about your bank details. They tell us that bank fraud is growing and that we should do everything to protect ourselves.

The banks offer useless 'fraud' insurance to maximise profits and make you jump through hoops and basically accuse you when you call them with a suspected credit card fraud or phantom cashpoint withdrawal.

Now, all of a sudden, Darling says it doesn't matter. No need to close your account, nothing to worry about, carry on as you were. Plus he says the banking code will protect you. Anyone who's had to deal with a fraudulent attack on their bank account will know it can take months for the bank to pay you back, if at all.

Thanks (0)
21st Nov 2007 13:09

The Innocent have nothing to fear
I'm just totally stunned by the disregard for the people represented in the data and the apparent disregard for the Data Protection Act.

25 million records do not just fall onto a CD, it requires a bit of effort probably from someone in the IT department and probably will take a couple of days to do.

For it to happen at all requires a chain of command to pass down the orders. Which is bad enough.

That it can be sent via internal mail as unsecured data just beggars belief. There are plenty of ways of securely transmitting data of this volume around and "a cd is in the post" is not on that list.

It's beyond incompetence, they just don't seem to care about the people they exist to serve.

Can you imagine what the value of those CDs are on the criminal market? IF the CD is in the wrong hands (and there is no evidence either way) then the data could be bundled up and fed out in small value lumps for years to come.

HMRC by its sheer incompetence may well end up being responsible for the largest spate of identity theft EVER.

Yet we are supposed to believe that the Child Protection Register or an ID Card database would be secure...

Thanks (0)
21st Nov 2007 09:10

Complain about every loss of post
This loss of data is headline news because it affects 25 million people, but every loss of a tax return by HMRC is as important for the individual taxpayer concerned, especially where the return includes bank account details for repayments to be paid into.

I heard Richard Thomas the Information Commissioner on Radio 4 this morning say he will be investigating the loss of data by HMRC and it was almost certainly a criminal offence. If the two CDs lost in the post constitute a criminal offence then surely every single item of lost personal data i.e. every loss of a tax return form by HMRC, is a similar criminal act.

I think we all have a responsibility to report every such criminal act to the Information Commissioner's Office (ICO) so he has an idea of the real scale of the problem. Contact the ICO at:

Thanks (0)
21st Nov 2007 15:37

Things weren't as bad in my day!
Two points come to mind:
1 Why has no blame been aimed at the courier in all this?

2 Things haven't just got worse at HMRC. Back in 1978, I chanced to look out of my office window over to the Inland Revenue's buildings to see taxpayers' files in freefall from an open window onto a glass roof. We rang to tell them and they then proceeded with a hosepipe to attempt to wash them onto the ground.

In the same month we received a request that we photocopy an entire client's file as they had "mislaid it". Shortly after we received another call, telling us that this was no longer necessary as they had found it!

Ah, bring back the days when the Revenue were so transparent and relations were so cordial!

Thanks (0)
By Anonymous
21st Nov 2007 15:53

TNT are not at fault
TNT can hardly be blamed for their customer's lack of security protocol.

They could just as easily have lost a Christmas card or envelope with a form in and there'd be no outrage, things do go missing from time to time, in the office and the postal system.

No, the blame lies with HMRC for allowing a simpleton to run off a large data stream, burn it and then post it in an envelope without checks, security or anyone's knowledge.

Thanks (0)
21st Nov 2007 15:58

Spot on!
Robert Hurn has it spot on with his "attitude of contempt" comment.

I have a client setting up in China, who was shocked how straightforward and unbureaucratic he found the process, in direct comparison to setting up over here.

I think the day of the "taxpayers' strike" draws ever closer...

Thanks (0)
21st Nov 2007 12:27

Companies House are at it as well
Not to be outdone by HMRC, Companies House are at it as well.

This morning I received a whole bunch of information regarding a company I do not even represent, even though the letter was addressed to me as Company Secretary of a company which I do represent.

It contained copies of signed resolutions and the Articles and Mems, which could easily be used to "take over the identity" of the Limited Company.

Companies House response was a polite request to send the information back, and apologised for their error. My response was unprintable - needless to say local MP has been informed.

This whole situation is now getting seriously out of control, and I am damn sure we were much safer before this bunch of incompetents got into power.

Thanks (0)
21st Nov 2007 12:47

I would be interested to know just how "junior" the member of staff is. Are we seriously to believe that the NAO are requesting information from junior levels, presumably below Inspector level, and that this is automatically provided without any reference to a more senior level of management? On 3 separate occasions??? I find it very hard to believe that would be the case or that a "junior" member of staff would be dealing with the NAO to start with, let alone the same junior member each time.

If this is the case then I would be very interested to know what security checks the Inland Revenue carry out on their staff before they employ them. It is quite frightening to think that junior levels of staff have access to that level of sensitive information regarding such a large number of taxpayers! Anybody wishing to carry out identity fraud will no longer need to go to the measures of trying to hack secure accounts or obtain information from other sources - simply apply for a job with the Inland Revenue, copy some information onto a cd and you have everything you need. There appears to be no way that anyone would even be aware of what you've done. In addition, knowing that any "junior" member of staff can obtain details of the names, addresses and dates of birth of your children makes me hope that any references obtained when applying for a job with the Revenue will in future include a police check at the very least.

I know the NAO are currently being shown as relatively blameless in this but at the point at which they received the first cd of information back in March, presumably by unregistered post, why did they not realise that this should not be received this way and inform a more senior member of staff of the problem at that point? Based on the lack of reaction from the NAO I find it very hard to believe that this is an isolated incident and would not be in the least bit surprised to discover that confidential information is sent via this manner on a regular basis. From personal experience I have been sent the Revenue's own file for a client, including all original documentation, through the normal postal service without any tracking and in that case they not only failed to inform me they had sent it but have never contacted me to check whether it was received!

And the Chancellor believes that to counteract all of this we should all carry ID cards so we can prove who we are when they next give our information away to anyone who looks in the right bin.

Thanks (0)
21st Nov 2007 15:33

2 CDs...??
Can the clever computer buffs on this site tell us whether it is actually possible to fit 25 million sets of personal details (and 7 million family details) on to 2 CDs please? Perhaps these were DVDs which were copied, but it does pose an interesting question.

One of my clients hit the nail on the head this morning, we're being told to check no odd withdrawals are being taken from our accounts, but if these details have fallen into criminal hands, then surely they could be sold off a few thousand records at a time, over many months or years.

So it seems that those people who could be affected will be checking for a long long time yet.

And we are supposed to give all our personal and private details to this Government for ID cards?? Many say to me "If you've nothing to hide then you've nothing to fear." Well, this is the very reason why that argument is so false - I say "We have everything to fear"!!!

Thanks (0)
21st Nov 2007 16:11

answer to John Savage's question
The actual information is somewhat garbled but it would appear there are c25M records comprising subsets of children, and the parents/guardians who actually receive the benefit, and there are a small number of fields comprising stuff like name, address, ni number plus bank account details for the 7 million recipients.

It is also not clear what format the data was in, but presumably something that the NAO can read, so probably it is a csv file or a database. In either case I would guess they zipped it (and passworded the zip), in which case the zip program would deal with spanning the data over the required number of CDs. In which case 2 CDs would not be unreasonable.

Thanks (0)
21st Nov 2007 16:54

The 'junior' obviously did not read their own manual
HMRC even have an Information Disclosure Manual which covers how they should disclose information to external bodies. Look at para IND 65800
it says:
"If you receive a request for information from the NAO, you should ask them to provide a clear explanation of why they want to see the documents they have requested. You should then clear the disclosure with a senior manager. "

Thanks (0)
21st Nov 2007 17:32

Are the IT Guys to Blame?
I understand that the "old" computer systems which were used by the Inland Revenue, as was, were designed such that each member of staff was given a certain level of access to the information on the Database.
This meant that JUNIOR staff had access to Individuals records on a one by one basis.

It also meant that requests from the NAO or any other body, legitimate or not, for a dump of the entire contents of a database could NOT be undertaken by junior staff. The request could therefore ONLY be dealt with by a SENIOR member of staff.

Good to know that the updating of HMRC Information Technology systems and equipment - at a considerable cost - has brought about such clever innovations, whereby Junior members of staff can do anything.

I suppose we should be glad that the Junior Operative did not see fit to delete the entire database. Remember, an angry member of staff can be a dangerous member of staff.

I have also been told that NAO require the data to undertake statistical analysis. Why this cannot be undertaken on the actual database is a question that we may well find out is not asked during the subsequent reviews which are to take place.

Thanks (0)
22nd Nov 2007 09:26

aha but Madonna ...
.. gave birth to 2 of her kids in the USA and the other one was at a bring and buy sale so she wouldn't have automatically received the Child Benefit claim form while lying in Maternity Ward 10.

Now that would be interesting. Did Madonna go out of her way when she came back to her Mockney roots to get herself a Child Benefit claim form and fill it out in order to claim her tax free monthly allowance for her children?

I take your Madonna and I up you ...
a Richard Branson
a Kate Moss
a Kerry McFaddyn (and Boyband Brian)
and a J K Rowling (somewhat of a wizard move I think)

Thanks (0)
21st Nov 2007 17:00

Just a few more stray thoughts
1. What on earth do the NAO want the entire database for (including personal bank account details etc etc) ?
2. Do they even have the legal right to access this detailed data ?
3. Who else in government (or outside ?) also receives copies of HMRC databases on a routine basis ? Or occasionally ?
4. If HMRC staff can totally ignore procedures and safeguards which the government tell us they have - how many other departments at national or local level can also ignore similar safeguards and send our personal data to each other unsecured ?
5. If found to be criminally liable under the Data Protection Act, what will happen? Will HMRC just be fined like the Metropolitan Police were over the de Menezes shooting ? If so - we, the victims, are those who foot the bill. Surely the criminal liability extends to the entire chain of command from the "junior" officer who sent the CDs right up to the Chancellor and the PM ?
6. Even if the CDs themselves are found - how will we ever know that they haven't been copied in the meantime ?

Thanks (0)
By Anonymous
21st Nov 2007 19:49

This is an utter disgrace that HMRC, the guardian of our data (data protection) has provided NAO all the unnecessary information and to lose it is breach of duty of care and total breach of trust. I do hope the Govt gets prosecuted for these breaches and get their acts together. What I would like to know and likewise for the rest of the people in the UK are what other information has been supplied to other parties. I know for a damned fact that HMRC has sold to credit card companies and store cards my details as I use a specific code for my name and have been receiving cold calling letters from store cards and mail order companies.

This Govt should be dissolved and get somebody else in and run in its place. Some one where trust can be assured as well as integrity.

This organisation needs to be audited from top to bottom with no restricted remits. The big 4 should be excluded from this exercise as they had a share of the gravy train one way or the other.

Thanks (0)
21st Nov 2007 23:08

So who is affected?
Here is a good game. Who should be worried (apart from you or me)? Theoretical answer, any mum with kids under 16 (or maybe 18), plus older siblings of those kids, plus probably partners of the mums and any other "claimants".
Construct a list. Bonus marks for star quality.
here's your starters
Gordon Brown (wife and family)
Tony Blair (Cherie, et al)
Sarah, Duchess of York (Andrew, the girls)
Madonna (I claim the bonus spot prize)
Paul McCartney (Heather and little one) (Double points I think)
NOT David, Posh etc - not resident
BUT probably the others (spice girls I mean)
And a few other blokes who play football (allegedly)
Over to you.

Thanks (0)
By Anonymous
22nd Nov 2007 08:22

Why Bank Account No's?
Whose idea was it to have all Benefits paid into bank accounts?

Thanks (0)
22nd Nov 2007 10:25

I like this game...
I thought of some more...

Liz Hurley
Myleene Klas (what guy doesn't want her address and phone number?)
Freddie Flintoff
Charlotte Church (with Gavin)
Jude Law (Sadie Frost et al)
Ewan MacGregor
Martin Kemp with a free Pepsi & Shirley (but that might be showing my age)
Bob Geldof (he needs the allowance to feed other kids)
Jordan - great value as not only do you get Peter Andre but you get Dwight Yorke thrown in for free!

Thanks (0)
By Anonymous
22nd Nov 2007 16:12

I despair...

See the heading to the final FAQ:

"Can I change my National Assurance Number to protect me from fraud?"

Needless to say, I am underwhelmed.

Gareth - please feel free to let the News of the World know about this...

[edit] It's been corrected. Not before I printed it off though...

Thanks (0)
22nd Nov 2007 10:38

Golden Hand Shake for Naughty Boy
I wonder what kind of bumper package Paul Gray will manage to secure by being one of the first 25,000 job cuts.

Thanks (0)
22nd Nov 2007 13:45

HMRC recent failures

AccountingWEB have been contacted by a national newspaper that is keen to get some examples of HMRC processes that have failed over the last couple of months for a piece that they are doing.

If you've got some examples and wish to contribute please let me know and I can either pass your contact details on or let you know theirs, the contribution can be anonymous.

Please email me on:
[email protected]


AccountingWEB - moderator

Thanks (0)
By kevin9
22nd Nov 2007 14:35

incompetence writ large
Does Darling have the faintest idea what is going on. "Darling explained that Sir John Bourn at the NAO will look into its procedures...". I thought that Sir John resigned last week. In an interview yesterday Darling said that the ID card scheme would provide us with better protection against such incidents because it would be based on biometric data. Now I am not a techno boffin but I would have thought that such biometric data would have to be stored on a central database - I think you can see where I am going. I am a father of children under 16 and a Standard Life pension holder so I am not best pleased. The banking code is all well and good but the banks bend over backwards to foist the blame on the customer with remarks like "You must have been careless with your details etc"
These days it seems to me that Ministers and Whitehall are totally out of step with living in the real world, care not one jot about the public and merely pay lipservice to the jobs which they should actually be dealing with.

Thanks (0)
22nd Nov 2007 17:19

News update
AccountingWEB member Jack Harper alerted us earlier this afternoon that Dave Hartnett has been chosen as acting HMRC chairman.

After giving us his initial thoughts, our IT security correspondent Stewart Twynham has reflected on the underlying data protection issues at HMRC in his latest IT security diary entry, The tip of the iceberg.

We'll keep you posted on any further developments, and look forward to seeing what the News of the World comes up with on the subject.

John Stokdyk
Technology editor

Thanks (0)
22nd Nov 2007 18:41

Can I change my NINO to protect me from fraud?
"The National Insurance Number is not an ID Number". What absolute rubbish. Lies, Lies, Lies. Of course it is. If HMRC want to trace a taxpayer/nontaxpayer they put the NINO in Taxpayer Index and up the record comes on the screen. Pensions are paid out because the records under this number show how many contributions have been made (if you are lucky and they haven't made a cock[***] up) to decide on the likely level of State Pension. Perhaps they could explain what actually constitutes an ID Number? Somebody from the old DSS said that these numbers are given at birth and issued around age 14-15 years. It's also on Pension ID Cards for identification.

I was speaking to an ex-District Inspector friend today and we both think that these disks have fallen into the wrong hands. I am sure TNT have searched extremely thoroughly and the only possibility/probability of actual loss lies with them.

Just glad to be beyond child rearing age.

Thanks (0)
By anboyd
23rd Nov 2007 00:55

Gray Tuesday
As a former HMIT, I find it inconceivable that a junior official could have been put in a position where he could have access to so much sensitive information without more senior approval.
No doubt the ensuing enquiry will show where the buck stops... probably shorter of the person ultimately responsible.
I hope the junior official concerned has adequate legal representation and manages to find other employment eventually... he's well out of HMRC if they're using him as a scapegoat for departmental inefficiency.
Apart from feeling some sympathy for the junior official concerned, I feel equally sad about Paul Gray's correct and honourable resignation, as all indications were that he was doing his best with a somewhat poisoned chalice. In practice, HMRC is very difficult to deal with nowadays ... you can get a polite expert, or you can get an undertrained zealot...Who do you blame and how do you deal with the patchy responses?

Thanks (0)
23rd Nov 2007 08:36

I agree with Andrew
Paul Gray will be a sad loss - obviously he felt he had to go - but as Andrew said, he was shaping up very well and likely to take the tax authority forward in a way which was sensible for all involved in the tax system.

I saw that the Times is reporting (tongue in cheek) of a book running on his permanent replacement. Very long odds on Ken Dodd though.

However, there is a good candidate around - he has recently lost a very high profile job for which most people agree he wasn't really suited in the first place. I'm sure that if they move quickly they could snap him up for a modest price. There seems some poetic justice in naming him new chair of HMRC. (Mike Bassett was I think I've got confused somewhere)

Thanks (0)
By Anonymous
23rd Nov 2007 09:51

This one made me laugh..
"If, as a direct result of this incident, you incur costs we will consider compensating them."

In other words if our total incompetence in dealing with your highly confidential information means that you are subject to fraud through no fault of your own whatsoever and you lose money we might think about saying sorry and paying you £50 for the "inconvenience"!

Thanks (0)
By deltic1
23rd Nov 2007 14:50

this is down to common sense and I am no IT / Security expert

There are those with the Inland Revenue that are being very well paid either as consultants or directly to avoid this from happening in the first place,
particularly given the size and amount of data involved.

however without knowing the size or nature of the CDs involved or the programs used to control it,

the very above are probably very specialized given the amount of data involved and would need very determined expertise / criminals to be able to use it I would hope if not then this is not just a very bad cock[***] up if this is not the case it is close to a catastrophe as the inland revenue could be and it would therefore need a lot of time and effort etc to bring software etc up to date before other major changes are made to the tax system etc

or quite the other and a very good time for a full and proper , fair and system that works to be put in place for at least the next five to ten years before dealing with the software issue



most common to my knowledge being :

being close member family member names or dates of birth

home telephone numbers or house names where we live

national insurance numbers

and not to use the same pin number / passwords for everything where they are we use them.

this is a very big reminder that this is very much the IT age to all of us

something which i think we all agree we very much have a love / hate relationship with etc

Thanks (0)
By Anonymous
23rd Nov 2007 11:39

Paper tigers?
I know that many people are surprised that, with such a grotesque failure to observe the Data Protection Act, there has been no serious suggestion that anyone will be prosecuted under the Act.

The Information Commissioner has been wheeled onto a few radio programmes, basically to say 'tut tut' a few times, and wheeled off again. He has promised to 'ask searching questions of HMRC about their procedures.' Ooo-err....

Are the DPA and the IC really this powerless?

Thanks (0)