HMRC loses thousands of pensioners' details

HMRC has admitted another data loss, this time over 6,500 personal details of people collecting pensions
Written by Tom Espiner, Contributor

Her Majesty's Revenue & Customs has admitted losing the personal details of over 6,500 people claiming pensions.

The details were lost at an office of HM Revenue & Customs in Cardiff after a data cartridge went missing in September, an HMRC spokesperson said on Tuesday. The cartridge had been sent to the Cardiff office by Countrywide Assured, a life assurance and pensions company.

Details on the cartridge included names, addresses, national insurance numbers and pension contributions, according to Graham Kettleborough, chief executive officer of Chesnara, the parent company of Countrywide Assured.

The cartridge was signed for when it reached the office but was subsequently mislaid, said the HMRC spokesperson. However, the spokesperson insisted that, because the information on the data cartridge can only be accessed by a mainframe computer, the risk to the individuals involved is "very low".

Kettleborough said that, in regard to personal pension policies, Countrywide Assured made submissions to HMRC "to make the correct tax additions to policies and [to get] the right numbers for the right people".

The breach was outlined by HMRC's director general, Dave Hartnett, to the Treasury select committee last week.

Compromised personal details have in the past been sold to fraudsters for the purposes of identity theft and other criminal activities.

Chesnara said it had sent a letter to those affected, and that the letter had been partly an explanation of what had happened and partly an apology.

HMRC said in a statement on Tuesday: "We are taking this loss extremely seriously and have done everything possible to locate the data cartridge. We would like to apologise to all those affected."

The breach is the latest in a series of incidents, seven of which have affected HMRC this year.

In November, HMRC admitted to losing the details, including bank account information, of 25 million people claiming and receiving child benefits, while, earlier this week, the Driving Standards Agency admitted to compromising the personal details of three million learner drivers.

Editorial standards