HM Revenue and Customs has confirmed that taxpayer data was held on a laptop computer that was stolen from an employee’s car.
The taxpayer information was supplied by financial institutions for a routine audit by HMRC. But HMRC would not confirm how many people’s data was on the laptop computer, which is understood to have been stolen last month.
“We very much regret the loss of some customer data provided to us by a number of financial institutions. The incident has been reported to the police and we are carrying out an urgent internal inquiry,” an HMRC spokesperson said.
He added: “HMRC places the utmost importance on the security of confidential material and we have in place very clear processes governing the handling of such material. We have notified the relevant authorities and are writing to the financial institutions whose customers are affected.”
The data was protected by “a complex password and powerful encryption software", the spokesperson said.
Lost and stolen laptops have been at the centre of a number of recent data security breaches affecting both public sector bodies such as NHS hospitals and private sector businesses including Marks and Spencer and Nationwide.
Earlier this month, a contractor working for the Gap clothing chain was blamed for the loss of data on 800,000 job applicants after the theft of two laptop machines.
Philip Wicks of business and technology consultancy Morse said: “It looks like the HMRC have put in place numerous types of protection that has ensured the data on this laptop can’t be used by fraudsters. However, this incident once again highlights the need for organisations to think long and hard about the data they allow employees to take off-site on laptops and mobile devices. Organisations should have policies and procedures that dictate what information can and can’t be taken off the premises.”