HM Revenue and Customs has admitted that 15,000 people’s personal data could be at risk after a CD with their details was lost.

The names, national insurance numbers and dates of birth of thousands of holders of Standard Life pensions were on a CD that was “lost in transit by HMRC’s external courier”, the agency said.

But an HMRC spokesperson refused to say whether or not the data was encrypted, citing security reasons.

“Customers have been written to and precautionary measures have been put in place to check customers' records for any fraudulent activity. We have also reviewed our arrangements and introduced safeguards to prevent this happening in future,” he said.

“HMRC very much regrets that this has happened and are committed to working with the institutions to ensure that those customers affected receive the advice and support they require. We have asked customers to remain vigilant and have set up a number of dedicated HMRC telephone hotlines.”


The CD was lost at the end of September. Another disk has also been lost by the same courier, the spokesperson confirmed, but this contained “less than 24 customers’ details”, he said.

The incident is the second data security breach at HMRC to come to light within a month. In October the agency confirmed that taxpayer data was held on a laptop computer that was stolen from an employee’s car, also in September.

On that occasion HMRC would not confirm how many people’s data was at risk. But the agency did confirm that the laptop data was protected by “a complex password and powerful encryption software.”