HMRC has been taken to task by Richard Clayton, a security expert at Cambridge University and adviser to the House of Lords committee on personal internet security, over the security of its online filing system.
It seems that people filling in the online tax forms could be at risk of allowing others to access their personal details, because the username field has an auto-complete function.
Computing quote Geoff Westcott:
"Click on a link to open the 'about you' page, for example, and there is my password clearly displayed in the browser address bar for all to see. Print off any page and the password is printed as part of the URL.
Bearing in mind that the username on the log-in page is an auto-completed field in many browsers, a phisher now has all the information they need to log in and access any and all of my personal information."
Richard Clayton said that such a fault was "foolish" and "not regular practice". He noted that being able to see someone's tax exposed the taxpayer to possible id theft.
Westcott claims to have reported the fault to HMRC twice, but has yet to receive a response.
HMRC contest the claim and note that that the URL shows a unique taxpayer record (UTR) number, not the password.
Tax does have to be taxing.
HMRC Is Shite (www.hmrcisshite.com), also available via the domain www.hmrconline.com, is brought to you by www.kenfrost.com "The Living Brand"
- About HMRC Is Shite
- RTI Resources
- Tax Insurance
- About KenFrost.com
- Contact Me
Dedicated to the taxpayers of Britain, and the employees of Her Majesty's Revenue and Customs (HMRC), who have to endure the monumental shambles that is HMRC.