From PAYE To P45: HMRC Staff Fired For Prying Into Taxpayer Data

The UK tax authority has been forced to clean house after dozens of staff were caught helping themselves to taxpayer records.

Freedom of Information (FOI) figures pried from His Majesty's Revenue & Customs (HMRC) and published by The Telegraph reveal that between 2022 and 2025, a total of 354 staff were hauled up for data security breaches, and 186 of them were shown the door.

The cull has gathered pace too, with 50 employees booted out in the past year alone – proof that the real tax burden might be resisting the temptation to snoop on your neighbor's payslip.

The scale of the cull is striking for an organization that repeatedly insists breaches are rare. Officials point out that the total represents around 0.1 percent of HMRC's 68,000-strong workforce. Even so, that is little comfort for taxpayers who might expect the people handling their salary details and National Insurance numbers to be a touch more careful.

Some cases read more like a comedy sketch than a serious breach. One HMRC worker was shown the door after emailing himself a file containing names, National Insurance details, and salaries of 100 people so he could print it at home. At a tribunal, he argued that anxiety clouded his judgment. The judge disagreed and ruled the dismissal fair.

Managers have blamed the rise of home working for the jump in incidents. Since the pandemic, staff have been more likely to blur the lines between official data and personal devices. One senior figure admitted that problems had increased since COVID sent much of the workforce to the spare bedroom.

One HMRC manager quoted in the tribunal told staff in an email: "There have been more incidents of this recently as we are working from home a lot more since COVID, but never send anything to your own private email address to print off that contains any personal or business data."

• Why the UK public sector still creaks along on COBOL
• Fujitsu sorry for Post Office horror – but still cashing big UK govt checks
• UK Spending Review prescribes £10B digital remedy for NHS
• After leaving citizens on hold for 798 years, UK tax authority has £1B for CRM upgrade

It is not yet clear if the disciplinary data uncovered in this FOI request is connected to the June incident reported by The Register, when fraudsters tricked their way into HMRC systems and accessed details of 100,000 taxpayers. That breach was said to have cost around £47 million in bogus rebates. We have asked HMRC to clarify whether the two are linked, but have yet to hear back.

The revelations come at a time when HMRC is already under fire for its wider use of data. The department has been using AI tools to trawl through social media posts and is feeding financial information into its Connect system to issue automated warnings to potential tax dodgers. Officials stress that access to personal data is limited to criminal investigations and that there are safeguards in place, but critics warn the approach risks creating Horizon-style scandals if errors creep in. The Register has asked HMRC to comment.

For an agency that prides itself on watching taxpayers, the bigger problem may be that too many of its own staff are watching the wrong things. ®