Editorial

Ageing HMRC IT puts government at ‘high risk’ of cyberattack

HMRC admits outdated tech could “harm our business operations permanently”.

Posted 17 October 2023 by Christine Horton


The UK is at risk of a massive security breach because of a serious risk from HM Revenue and Customs (HMRC) “old and ageing IT systems”.

The security warning in HMRC’s annual accounts, uncovered by The Independent, states the outdated tech could “harm our business operations permanently”.

The risk was exposed as parliament’s Treasury committee prepares to question HMRC chiefs and board members over the issue on Wednesday. It ranks the risk – codenamed red – and impact of such a breakdown as “high” and warns a cyberattack or malfunction is becoming more likely.

“This risk is red due to continued reliance on old and ageing IT systems with an increased risk of inability to meet operational needs,” said the accounts

The chair of parliament’s Treasury committee, Conservative MP Harriett Baldwin, said the warning was “concerning” and that she would be demanding answers from HMRC officials.

She told The Independent: “It is concerning that our taxation systems, which support our key public services, could potentially be harmed permanently because of out-of-date IT equipment.

“I am sure the committee will seek answers on this issue during our regular scrutiny sessions with HMRC.”

Elsewhere, Hanah-Marie Darley, director of threat research at cybersecurity firm Darktrace, told The Independent HMRC was at “increased risk” from hackers because it holds “very sensitive data”.

She said those likely to target its vulnerabilities could include political actors from the “big three” countries for hackers – Russia, China and North Korea – as well as “opportunistic cybercriminals”.

Darley warned that any data stolen from HMRC could be used for identity fraud and even to take over people’s bank accounts.

Ageing IT next government scandal?

The HMRC warning comes after spending watchdog the National Audit Office (NAO) said ageing IT could be the next scandal to hit the government.

NAO boss Gareth Davies said that while IT is not “glamorous”, keeping it up to date is a “driver of long-term value for money”.

“Investing adequately to maximise value for taxpayers and service users is equally vital for IT systems,” he wrote in The Times.

“Recent NAO reports chart how ageing systems are creating problems for service users, such as state pensioners missing out on payments they are entitled to. Outdated technology also acts as a brake on vital innovation in the delivery of frontline services.”

An HMRC spokesperson said: “We run a 24/7 operation across a large IT estate with well-developed systems and processes to monitor and respond to incidents.

“Security and privacy are at the heart of our work, and we are continuously strengthening and modernising our IT estate.”

Event Logo

If you are interested in this article, why not register to attend our Think Digital Identity and Cybersecurity for Government conference, where digital leaders tackle the most pressing issues facing government today.


Register Now