Her Majesty's Revenue & Customs, the U.K. government department responsible for collecting taxes and other services, has admitted losing the personal details of more than 6,500 people who file pension claims.
The details were lost at an office of HMRC in Cardiff, the capital and largest city in Wales, after a data cartridge went missing in September, an HMRC spokesperson said on Tuesday. The cartridge had been sent to the Cardiff office by Countrywide Assured, a life insurance and pensions company.
Details on the cartridge included names, addresses, national insurance numbers, and pension contributions, according to Graham Kettleborough, chief executive officer of Chesnara, the parent company of Countrywide Assured.
The cartridge was signed for when it reached the office but was subsequently misplaced, said the HMRC spokesperson. However, the spokesperson insisted that, because the information on the data cartridge can be accessed only by a mainframe computer, the risk to the individuals involved is "very low."
Kettleborough said that, in regard to personal pension policies, Countrywide Assured made submissions to HMRC "to make the correct tax additions to policies and (to get) the right numbers for the right people."
The breach was outlined by HMRC's director general, Dave Hartnett, to the Treasury select committee last week.
Compromised personal details have in the past been sold to fraudsters for the purposes of identity theft and other criminal activities.
Chesnara said it had sent a letter to those affected, and that the letter had been partly an explanation of what had happened and partly an apology.
HMRC said in a statement on Tuesday: "We are taking this loss extremely seriously and have done everything possible to locate the data cartridge. We would like to apologize to all those affected."
The breach is the latest in a series of incidents, seven of which have affected HMRC this year.
In November, HMRC admitted to losing the details, including bank account information, of 25 million people claiming and receiving child benefits, while, earlier this week, the Driving Standards Agency admitted to compromising the personal details of 3 million driver's test candidates.