1.5% of HMRC’s electronic devices are lost and stolen each year
London: His Majesty’s Revenue & Customers (HMRC) has reported nearly 3,000 laptops, tablets and mobile phones as lost and stolen, worth over £1.8 million, against the backdrop of £47 million being stolen from 100,000 people in a HMRC phishing attack last month.
The lost devices equate to 1.5 per cent of electronic devices reported lost and stolen against the taxman’s 65,000 workforce every year.
The data was revealed via the Freedom of Information Act (FOI) and analysed by the Parliament Street think tank, observing the number of laptops, tablets and phones reported lost and stolen within HMRC over the past three years.
In total, 393 devices were stolen from HMRC and its staff, worth £295,818. The taxman said that all staff are required to report all stolen HMRC devices as security incidents which are subsequently investigated.
Over the period, 2,504 mobiles and laptops were reported lost at a value of £1,546,322. That includes 2,181 mobile phones, 866 of which were reported lost over the past year, amid rising national security concerns.
HMRC stated that the high number of mobile phone losses recorded in the period is due to internal audits of legacy devices that had been replaced with newer models. It also said that the data includes postal losses.
HMRC standard issue devices are encrypted to HMG standards, and they are all deactivated remotely once they have been reported lost or stolen.
Andy Ward, SVP International, Absolute Security, commented: “Stolen devices are a major national security risk for government departments as they hold vast quantities of sensitive information such as personal addresses, VAT filings and tax investigation data. If data gets leaked, people and businesses are exposed to crippling financial losses, lawsuits and fraud and identity theft risks. ”
“When devices are lost, cybersecurity teams must immediately freeze or shut off the device remotely, prioritising recovery and resilience to stop hackers breaching the entire network. Organisations are only as strong as their weakest link, whether that’s an untrained employee or a stolen laptop.”
It comes alongside a wave of other government departments reporting the misplacement and theft of devices. Over the same period, the Ministry of Defence listed 1,166 devices lost and stolen.
A further 688 devices were lost and stolen across the Bank of England, the Department for Science, Innovation and Technology, the Competition and Markets Authority, and the Department of Health and Social Care.
Arakadiy Ukolov, Co-Founder and CEO of Ulla Technology, commented: “Whether it’s financial services, government or even HR, it’s vital that organisations do everything with their power to protect their data. There must be a strong organisation-wide governance model in place, supported by privacy-first digital infrastructure, where data remains under strict control and is processed securely. Combining this with staff awareness and proper training on cyber risks, from lost devices to data leakage on third-party AI platforms, can cut out the majority of breaches and maximise data security.”
