HMRC breach would have been avoided for just A$30,000

By

The massive data breach at UK's HMRC, in which the records of 25 million people were lost, could have been avoided for £15,000 (A$30,000).


The massive data breach at Her Majesty's Revenue and Customs, in which the records of 25million people were lost, could have been avoided for a maximum cost of £15,000 (A$30,000), it emerged overnight.

But instead of spending the money, HMRC decided to save the cash because information security was not a priority.

The revelations were made this morning by one of the key authors of the main report into the breach, Philip Wright. Wright, a partner at PriceWaterhouseCoopers, was one of the executives investigating HMRC for the report, which bore the name of PwC chairman Kieran Poynter.

The HMRC records were lost on two CDs which the department had posted to the National Audit Office in October last year. The NAO had requested just 100 records from HMRC to carry out its work, but HMRC posted the full database of 25million.

Wright revealed that EDS - one of HMRC's IT suppliers - had quoted the department £15,000 to extract the information required. Had HMRC accepted the quote, just 100 records would have been lost. Alternatively, because of the smaller file size, the records could have been sent electronically.

Wright's team also found the majority of the NAO's demands could have been met for free by using an earlier sample of information. Another quote for extracting the information required came in at £5,000 (A$10,000).

"It would have been possible at a cost of £15,000 to copy it, but it was felt that was a cost not worth paying because information security was not a priority," Wright said, speaking today at an event organised by Westminster Forum Projects.

Asked whether spending this money would have allowed the breach to be avoided, Wright answered: "Yes".

But he said he wasn't surprised by the breach. "They needed a shock like that to take it seriously. It was a hell of a shock," Wright said.

Wright said that 30 individuals were in some way involved in the catastrophic loss, across the IT, operations and compliance divisions.

"Any of them could have stopped it happening," he said.

The findings are hidden deep in the 103-page Poynter Review, which was published late last month.

See original article on SC Magazine UK
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
breachdatagovernmenthmrcsecurityuk

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?