HMRC could face compensation claims of billions if it were to lose people’s personal and financial data as a result of a cyber attack, according to a new study by a digital authentication provider.
A survey of the attitudes of 1,000 UK consumers about their personal security online, showed that three-quarters of British citizens would expect to be compensated in the event of a data breach at HMRC in which their financial data was stolen. When asked how much they would expect this to be, the average amount the respondents suggested was £1316.
With ten million people expected to complete their tax returns online by the end of January, if HMRC suffered a cyber attack in which this data was compromised, the organisation could face a potential compensation bill of £13,160,000,000, MIRACL suggests.
The study points to the pressures facing organisations as they try to protect their customers’ data in the face of cyber threats. Criminals often use these methods to steal sensitive data, which can be used to carry out identity fraud, and raid people’s bank accounts.
Brian Spector, CEO at MIRACL, says: “Getting their hands on all the personal and financial data involved in a tax return is a cyber criminal’s dream. Armed with an individual’s banking and financial history, their employment information, date of birth, address and login details, a criminal could carry out a sophisticated identity theft. For instance, they could potentially take out a mortgage in that person’s name.
“This is why the Government is now implementing stronger security measures through its Gov.UK Verify portal, which offers highly secure multi-factor authentication to protect UK citizens when they disclose personal information online, such as completing a tax return. Consumers must do everything in their power to protect their personal and financial information online, and stay vigilant to the threats posed by phishing emails and other scams.”
If a criminal successfully applied for a mortgage in a victim’s name, the potential size of compensation claims could scale enormously. While the average compensation figure suggested in the research was £1,316, the highest number of respondents thought an even smaller figure was appropriate. The largest group, 22pc of respondents, suggested a compensation amount of between £251 and £500, while just 14pc realised the value of this data by proposing a figure of more than £5,000.
Spector adds: “The average consumer is worryingly innocent to the potential risks of data theft and identity fraud online. The truth is that criminals are harnessing ever-more sophisticated methods to steal personal and financial data, wreaking enormous damage to those involved. This is a multi-billion dollar business and so people must be vigilant.”
The study also outlines the wider reputational damage faced by organisations that suffer data breaches. The vast majority of those surveyed (85pc) said that they would not use a website or online service again if their details were stolen from that website.
Spector says: “Companies like TalkTalk who suffer a serious data breach face a multi-headed monster of problems. Not only are they presented with huge compensation claims from victims, but they also have to deal with serious reputational damage. This can lead to a mass exodus of customers and a sharp decline in share value. Cyber attacks aren’t just a problem for IT teams, but a real threat to an organisation’s survival.”
