HMRC blunder leads to further private data leak

HMRC: further blunder

An online tax system run by HM Revenue and Customs (HMRC) has inadvertently exposed private business details.

The error with the pay as you earn (PAYE) application led to the name, address and phone number of one business being exposed to another company using the system later the same day.

The incident has led to fears that sensitive financial information entered into the PAYE system could also be exposed to other users.

Philip Brown, who came across the information accidentally while trying to change contact details for his own business, expressed his concern.

“My company is tiny and we will continue to use the PAYE system because of the financial incentives to do so, and because our finances are trivial,” he said.

“However, if I were finance director of a large company I would want to be aware of this security breach and would seek reassurance that my data is secure.”

The news comes in the same week that HMRC was hit by a damning report citing “serious institutional deficiencies” after it lost the financial details of more than 25 million families last year.

The Poynter Review made 45 recommendations for improving data security, 39 of which HMRC said it has already implemented.

But no one within the department was able to tell Brown how the PAYE incident occurred or reassure him that it would not happen again, despite repeated phone calls and emails.

HMRC insisted that a separate part of the PAYE system handles financial data, and reassured businesses their information was safe.

“This is a one-off incident for which we have an explanation based on what we have been told. We take the information we have been given very seriously ­ and are continually monitoring to make sure data is protected,” said a spokesman.

The department will spend £155m over the next three years on improving security.