Question to the HM Treasury:

To ask the Chancellor of the Exchequer, what steps her Department is taking to protect HMRC-held personal data from unauthorised access.

HMRC have strict security standards, and have appropriate technical, physical and managerial procedures in place to safeguard and secure personal information.

HMRC limit access to personal information to those persons, or agents who have a business or legal need to do so. For customer-facing services, this includes identity checking procedures and access controls, such as voice biometrics and multi-factor authentication.

Fraudsters use the HMRC brand to target individuals with fake correspondence, phishing emails, text messages and telephone calls. We publish phishing and scams guidance on GOV.UK, showing how to recognise scams, report issues and stay safe online.