A Serious Cyber Attack Could Cost HMRC Billions in Compensation Claims

By   ISBuzz Team
Writer , Information Security Buzz | Feb 01, 2016 08:00 pm PST

New study reveals that most British citizens would expect a payout if their personal and financial data was lost as a result of completing a tax return online

HMRC could face compensation claims of over £13 billion if it were to lose people’s personal and financial data as a result of a cyber attack, according to a new study by digital authentication provider, MIRACL.

The research, which surveyed the attitudes of 1,000 UK consumers about their personal security online, revealed that three-quarters of British citizens would expect to be compensated in the event of a data breach at HMRC in which their financial data was stolen. When asked how much they would expect this to be, the average amount the respondents suggested was £1,316.

With ten million people expected to complete their tax returns online by the end of January, if HMRC suffered a cyber attack in which this data was compromised, the organisation could face a potential compensation bill of £13,160,000,000.

The study highlights the pressures facing organisations as they try to protect their customers’ data in the face of growing cyber threats. Criminals often use these methods to steal sensitive data, which can be used to carry out identity fraud, and raid people’s bank accounts.

Brian Spector, CEO at MIRACL, explains: “Getting their hands on all the personal and financial data involved in a tax return is a cyber criminal’s dream. Armed with an individual’s banking and financial history, their employment information, date of birth, address and login details, a criminal could carry out a sophisticated identity theft. For instance, they could potentially take out a mortgage in that person’s name.

“This is why the Government is now implementing stronger security measures through its Gov.UK Verify portal, which offers highly secure multi-factor authentication to protect UK citizens when they disclose personal information online, such as completing a tax return. Consumers must do everything in their power to protect their personal and financial information online, and stay vigilant to the threats posed by phishing emails and other scams.”

If a criminal successfully applied for a mortgage in a victim’s name, the potential size of compensation claims could scale enormously. According to the latest figures from the British Bankers’ Association, the average value of a mortgage approved for house purchase in the UK was £175,700.[1] With this in mind, British citizens are underestimating the value of identity theft by £174,384.

While the average compensation figure suggested in the research was £1,316, the highest number of respondents thought an even smaller figure was appropriate. The largest group, 22% of respondents, suggested a compensation amount of between £251 and £500, while just 14% realised the value of this data by proposing a figure of more than £5,000.

Spector continues, “The average consumer is worryingly innocent to the potential risks of data theft and identity fraud online. The truth is that criminals are harnessing ever-more sophisticated methods to steal personal and financial data, wreaking enormous damage to those involved. This is a multi-billion dollar business and so people must be vigilant.”

The study also outlines the wider reputational damage faced by organisations that suffer data breaches. The vast majority of those surveyed (85%) said that they would not use a website or online service again if their details were stolen from that website.

Spector continues, “Companies like TalkTalk who suffer a serious data breach face a multi-headed monster of problems. Not only are they presented with huge compensation claims from victims, but they also have to deal with serious reputational damage. This can lead to a mass exodus of customers and a sharp decline in share value. Cyber attacks aren’t just a problem for IT teams, but a real threat to an organisation’s survival.”

[su_box title=”About MIRACL” style=”noise” box_color=”#336588″]MIRACLMIRACL, a leading Internet cyber-security company headquartered in the UK, with offices in San Francisco, California and Tokyo, Japan. MIRACL is a pioneer in the development of pairing-based cryptography. Its open source and commercial cryptographic libraries are used in IoT devices and applications from technology leaders such as Google, Microsoft, Intel, Gemalto and ARM.

MIRACL’s Distributed Trust Authority service provides an alternative to commercial certificate authorities for privacy, authentication, non-repudiation and message integrity on the Internet, guaranteeing that no one entity is a single point of compromise.

MIRACL’s M-Pin Strong Authentication Platform receives shares of cryptographic keys from the Distributed Trust Authority service. M-Pin customers include Experian, Gov.UK, NTT and other security conscious organizations through distribution partners such as NTT Software, Amazon Web Services, Microsoft Azure and Canonical Juju.

M-Pin removes the largest cyber security threat organisations face today; password database smash n’ grab attacks. M-Pin delivers two-factor authentication, a better user experience, and is resistant to man-in-the-middle attacks using any modern browser or app.

The new M-Pin-In-Mobile SDKs for iOS and Android enable app developers to embed M-Pin client functionality directly into their app, and support the TEE in all mobile devices.[/su_box]

[su_box title=”About GOV.UK Verify” style=”noise” box_color=”#336588″]One of the UK government’s flagship digital projects, GOV.UK Verify is being built and developed by the Government Digital Service (GDS) and is currently in beta, but available to most people filling out their tax returns online. Using the service, individuals are able to select from a range of certified companies who will associate a verified digital profile to their real world identity, authenticating them on behalf of GOV.UK.[/su_box]

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x