Nearly 100 HMRC employees have faced disciplinary action after misusing computer systems over the past two years, according to Parliament Street.
The think tank sent Freedom of Information (FOI) requests to the UK tax office to better understand the insider threat there.
It revealed that 92 staff members had misused IT systems over the previous two financial years, with eight sacked for their indiscretions.
Most common was misuse of email, with 15 written warnings issued in 2017-18 and a further 11 in 2018-19. According to the think tank, the culprit in many of these was a repeat offender, who had also been issued with a final written warning for computer misuse.
In 2018-19, nine written warnings were issued for misuse of social media channels, compared to zero the previous year.
In addition, 13 HMRC employees were reprimanded for misuse of telecommunications, and 19 were disciplined for misuse of computer equipment or systems.
In fact, all eight dismissals were for “misuse of computer equipment.”
Absolute Software CEO, Christy Wyatt, said tackling insider abuses should be a top priority for the public sector, especially organizations handling highly sensitive financial data on millions of citizens.
“This kind of activity often involves individuals abusing access to personal information and in some cases sharing it, leading to a potential data breach,” she added.
“Organizations like HMRC need to adopt an enterprise resilience mindset not only around potential bad employee behavior, but fortifying their overall security posture and risk management profile.”
The HMRC has been called out before for poor data protection practices. In May, privacy regulator the ICO handed it an enforcement notice after it broke the law over collection of biometric data from taxpayers.
Some 20% of cybersecurity incidents and 15% of the data breaches investigated by Verizon this year were linked to insiders, according to its Data Breach Investigations Report (DBIR).