A Commons Treasury Committee report said in nearly all the cases when taxpayers reported seeing details of others’ returns, they were the customer of one ISP.
Revenue blames ISP for security breach
It added: ‘But as ISPs out-source or subcontract many of their services, including information, the Revenue considered it would be unfair to single out one for blame.’
An immediate investigation showed the system had not been hacked into and the problem causing the breaches of confidentiality was complex, involving someone outside the Revenue’s control storing information, which should not have been stored.
This resulted in a situation whereby two different people could share an online session because the system thought they were the same person.
Changes have been made to the system to prevent this happening again.
There were 13 cases in total of returns being seen by someone else, with 47 cases where tax returns could have been seen and 665 cases where the Revenue could not be certain a return had not been seen but had no reason to believe it had – out of a total of nearly 28,000 who had used the system.
The committee said it was ‘very concerned’ over what happened and regarded the incident as ‘extremely serious’. MPs said it was too soon to determine what impact the incident would have on take up of the system.
The Revenue claimed take-up was already approaching last September’s peak.
The committee also urged the Revenue to solve the problem causing one in five attempts to file online to fail.
The called for simplification of the personal tax system to be made one of the Revenue’s key performance targets.