HMRC Data Loss Scandal

The big scandal occurred in November 2007 when it was announced that HMRC - the tax people - had lost two discs containing data, including bank details, on some 25 million people in the UK. It served to highlight the problems that exist with personal data, as well as Internet safety and life online, as well as the future of data recovery.

It turned out to be the first of a number of revelations of data loss by government agencies and private companies, with many laptops reported as stolen, and all too often containing personal data on UK citizens that wasn't encrypted to keep it out of the hands of thieves.

How The HMRC Data Scandal Happened

The problem with HMRC data actually began in October 2007. Staff in an office in the Northeast sent two password-protected discs containing personal data on 25 million child benefit recipients (amazingly, it had nothing to do with tax!) to an office in the South. It went via internal mail, unrecorded, and handled by a courier service. For some reason - and no investigation has discovered what happened - the discs never arrived.

However, no announcement was made until November, when the Chancellor of the Exchequer told Parliament what had happened. Although he emphasised that the discs were protected by a password, what he didn't inform the nation was that the protection itself was actually very flimsy, and could easily be broken by a competent hacker with simple software.

Although there was no evidence that criminals had the information, people were still urged to monitor their bank accounts. However, had HMRC followed the urging of the National Audit Office that wouldn't have been necessary; it had recommended stripping bank details from the discs, which wasn't done because it was deemed too expensive, although the actual cost was estimated at just over £600.

Early in 2008 phishing scams regarding the data loss began appearing on the Internet. People received e-mails with a link where they could supposedly claim a refund from the government for the loss. However, when that link was clicked, it took online users to a phishing site which took personal and bank details.

After the HMRC data scandal broke, it was followed by a number of others, both from the government and private companies, including financial institutions, about the loss of data and stolen laptops, often with unencrypted data. In the case of bank and tax details, those can be devastating in the wrong hands.

What Can Be Learned From The HMRC Data Scandal?

Perhaps the most worrying outcome of the HMRC data scandal is learning how governments and companies treat personal data - in an almost cavalier fashion. In these days of software that can be poisoned with key loggers and other malware, and the number of hacking attacks, it's almost criminal. The Information Commissioner has thought so, too, and has promised to prosecute those who don't take adequate steps to protect personal data.

Although there's little ordinary people can do about data losses like that, there are steps we can take to protect our personal data on the Internet. When online, be careful about following links, and never click on links in e-mails. Use a good firewall and anti-virus software, as well as spyware detection, and run them frequently to scan your computer.

Data recovery and file recovery are also important, in the event your computer crashes. Always back things up, whether it's onto an external hard drive, memory stick or CD. That makes the recovery of data and files simple. It takes a little work to do it regularly, but the peace of mind is worthwhile.