LONDON (Reuters) - Systematic failures at HM Revenue and Customs (HMRC) led to the loss of two computer discs containing personal details of 25 million people, a report has found.
Here are the main facts about the data scandal, revealed in a report by the Independent Police Complaints Commission.
* In March 2007, the National Audit Office requests a sample of child benefit data to carry out an audit to check what errors were being made in payments. The NAO says it does not need names, bank details or addresses.
* HMRC decides to hand over information taken from a 100 percent scan of its data, i.e. all the details held about child benefit claimants.
One HMRC employee wrote in an email that the NAO needed to be made aware the confidential data had to be protected. It said: “Things do get mislaid and imagine the uproar if the discs containing the (child benefit) customer data went astray and turned up where they shouldn’t -- the long knives would be out.”
The discs are given to an NAO employee in person and later safely returned.
* In October, the NAO began another audit. It asked for the discs to be sent “as safely as possible due to their content”.
* The discs contain 7.5 million records with about 25 million names. It included the names of parents, National Insurance numbers, addresses, dates of birth, bank sort codes and account numbers, and the method of payment.
It included 335 “nationally sensitive records”.
* On October 18, an HMRC employee, referred to as J, puts a package with two discs in the internal mail. Four days later the NAO asks if the discs have been sent.
* On October 24, employee J sends two more discs by courier. He raises concern that the other package had gone missing and on November 8 reports a security breach.
* On November 15, police launch an investigation and on November 20, Chancellor Alistair Darling reveals the discs had been lost.
Reporting by Michael Holden