HMRC has disciplined nearly more than 90 members staff for misuse of email systems, social media accounts and telecommunications devices over the last two financial years, according to official figures.

The findings, which were obtained via a Freedom of Information Request submitted by the Parliament Street think tank, revealed that in total 92 members of staff were investigated and disciplined for misusing HMRC’s IT systems.

Of this figure, the disciplinary process resulted in eight members of staff being dismissed.

The revelations sparked concerns from cyber security experts around how misuse of HMRC systems could result in a data breach.

The most common case of computer misuse over the last two financial years was the misuse of email, whereby 11 employees were issued a written warning in 2018-19, compared to a further 15 in 2017-18.

In many of these cases, the disciplined worker was a repeat offender and had been also been issued with a final written warning for computer misuse.
 
The figures also found that in 2018-19, nine employees were issued a written warning for misuse of social media channels such as Facebook or Instagram, compared to zero from the year before.
 
Additionally, 13 workers in total were punished for misuse of telecommunications and 19 disciplined for misuse of computer equipment or systems.

Christy Wyatt, CEO of online security firm Absolute Software, said: “Tackling employee misuse of IT systems should be a top priority for all public sector organisations, particularly those which handle the financial data of millions of people.

“This kind of activity often involves individuals abusing access to personal information and in some cases sharing it, leading to a potential data breach.

“Organisations like HMRC need to adopt a enterprise resilience mindset not only around potential bad employee behaviour, but fortifying their overall security posture and risk management profile.”