Updated Almost 100 staff at UK tax collector HMRC faced disciplinary action for computer misuse in the previous two full financial years.
This is according to a Freedom of Information request by the Parliament Street think tank which discovered 92 employees were probed and rapped for the abuse in fiscal '18 and '19.
The most prevalent cases pertained to misuse of email, with 11 employees given a written warning in fiscal '19, which ended March this year, compared to 15 in the prior year. In many of these cases, the punished employees were repeat offenders and had already received a final written warning for computer misuse.
The responses from HMRC also show that nine staff members in the most recent full financial year were hit with a warning over misuse of social media, including Facebook and Instagram – versus no cases in the previous 12 months.
UK taxman falls foul of GDPR, agrees to wipe 5 million voice recordings used to make biometric IDsREAD MORE
Some 13 were penalised for misuse of telecommunications over the two financial years, and 19 for wider misuse of computers or HMRC systems, of which eight were fired – the only case of sackings over the 24 months.
HMRC has some 58,700 full-time employees on the payroll (PDF) so the figures highlighted by the FoI equate to a relatively small number. Nevertheless, there is a degree of concern that misuse of HMRC systems could pose a more serious threat.
"Tackling employee misuse of IT systems should be a top priority for all public sector organisations, particularly those which handle the financial data of millions of people," claimed Christy Wyatt, CEO at Absolute Software.
"This kind of activity often involved individuals abusing access to personal information and in some cases sharing it, leading to a potential data breach."
The Register has asked HMRC to comment.
Updated on 2 October to add:
Following publication of the article, the tax collector got in touch.
“HMRC has effective processes in place to respond to instances of alleged or suspected misconduct involving breaches to the Civil Service Code. Where cases of any misconduct are identified, we have robust procedures in place to investigate the circumstances and, where appropriate, apply a range of sanctions.” ®