HMRC disciplines 100 staff for IT misuse

Cyber security fears as Her Majesty's Revenue and Customs (HMRC) disciplines nearly 100 staff for misuse of email systems, social media accounts and telecommunications devices

by Patrick Sullivan, Political Editor on 1 October 2019 09:15

Shutterstock_555397294-1-1440x845

Her Majesty's Revenue and Customs (HMRC) has disciplined nearly 100 staff for misuse of email systems, social media accounts and telecommunications devices over the last two financial years, according to official figures.

The findings, which were obtained via a Freedom of Information Request from the Parliament Street think tank, revealed that in total 92 members of staff were investigated and disciplined for misusing HMRC’s IT systems. Of this figure, the disciplinary process resulted in eight members of staff being dismissed. The revelations have sparked concern from cyber security experts around how misuse of HMRC systems could result in a data breach.

The most common case of computer misuse over the last two financial years was the misuse of email, whereby 11 employees were issued a written warning in 2018-19, compared to a further 15 in 2017 -18. In many of these cases, the disciplined worker was a repeat offender, and had been also been issued with a final written warning for computer misuse.

The figures also found that in 2018-19, nine employees were issued a written warning for misuse of social media channels such as Facebook or Instagram, compared to zero from the year before. Additionally, 13 workers in total have been punished for misuse of telecommunications, and 19 disciplined for misuse of computer equipment or systems.

Christy Wyatt, CEO of Absolute Software said: “Tackling employee misuse of IT systems should be a top priority for all public sector organisations, particularly those which handle the financial data of millions of people. This kind of activity often involves individuals abusing access to personal information and in some cases sharing it, leading to a potential data breach. Organisations like HMRC need to adopt a enterprise resilience mindset not only around potential bad employee behaviour, but fortifying their overall security posture and risk management profile.”

Comments
blog comments powered by Disqus