HMRC Breach Caused By Poor Security

A formal inquiry on the now notorious security breach reported last October at HM Revenue & Customs (HMRC) has recently been published. The breach exposed 25 million personal records and has been proved to be caused by “major institutional deficiencies”, reports SearchSecurity UK.

The inquiry extensively details the operation procedures implemented at HMRC before the data breach. It also describes the circumstanced that have led to the loss of two CDs holidng personal and financial information on Child Benefit recipients.

The inquiry, led by Kieran Poynter of management consultants Pricewaterhousecoopers (PwC), concluded that “information security simply wasn’t a management priority as it should have been, and HMRC had an organizational design which was unnecessarily complex and crucially, did not clearly focus on management accountability.”

The report of the investigation provides a detailed blow-by-blow account of events leading up to the data loss, with extracts of emails showing who said what to whom. However, since the blame for the breach is attributed to cultural and organizational weaknesses, the staff members involved are given anonymity, and referred to only as employee A, B, C and so on.

Leave a Reply

Name (required)

Mail (will not be published) (required)

Website

Related Posts from the Past:

• Secuirty Threat Caused by Lost USB Sticks
• Data Watchdog Warns of Poor Data Protection in UK Institutions
• Stockbrokers Get Fine for Poor Security
• Expensive Security Keeps Breaches Away
• CareFirst Dental HMO Exposes Data of 75,000 Members