THE child benefit records blunder plunged Gordon Brown into a fresh controversy tonight after the acting head of HMRC admitted there had been "systemic failure".
Giving evidence to a committee of MPs, David Hartnett owned up to six other serious security breaches at HMRC in two-and-a-half years - before the loss of the two computer discs.
Those incidents included the loss, last year, of a computer disc containing banking information by HMRC's IT partner. That disc was later found.
Mr Hartnett's admission that this amounted to "systemic failure" directly contradicts the Prime Minister's insistence that the missing CDs were an isolated mistake, by a junior official.
Shadow Chancellor George Osborne said: "As the acting head of HMRC admits, far from being a mistake by a single junior official, the data security breaches at HMRC are the result of serious systemic failures.
"The public will now expect the Chancellor to come clean and explain exactly when and how these previous losses of personal information took place."
The acting chairman also revealed it would have cost under £50,000 to strip the missing CDs of bank details and addresses - the most sensitive data of greatest use to fraudsters.
This was requested by the National Audit Office, which was sent the discs, but HMRC refused to comply - because of the extra cost.
The damaging revelations came as HMRC offered a £20,000 reward for the safe return of the two CDs, which contain the personal details of 25m people.
The offer comes after more than two weeks of fruitless police searches along the likely route of the discs, including a trawl through a rubbish tip.
Meanwhile, millions of families with children have been warned to look out for fraudsters targeting their bank accounts.
Mr Hartnett was giving evidence to the Treasury sub-committee, HMRC's first appearance before MPs since the CDs went missing from Emerson House child benefits centre, in Washington, Wearside.
Asked if seven serious security breaches meant there was "systematic failure" - something explicitly denied by Mr Brown - Mr Hartnett said: "I think that it may well do."
Describing the blunder as a "dreadful experience", he told MPs it was "a matter of huge regret" that the data was not 'desensitized', as the NAO had requested.
Asked how much it would have cost to strip out the most important data, Mr Hartnett - after being prompted - replied "less than £50,000".
Revealing that he had been involved in previous exercises to take out sensitive details, he said: "This can be done - and can be done quickly."
Mr Hartnett said: "If the cost had been, say, £50,000, I would expect the process manager to become involved and also to say 'Golly, we don't need to provide them with some of this information'."
But the acting chairman refused to agree that cost-cutting at HMRC - which could result in 25,000 job losses - were to blame for the data disaster.
Mr Hartnett said: "I have not seen anything, so far, that says this dreadful mistake has anything to do with headcount reductions."
He admitted that "data security" was "an issue for HMRC" - as was the way it "supervised junior staff".
Mr Hartnett also acknowledged that morale at the Washington office - and throughout HMRC - was "very low indeed on the back of this experience".
But he said, of Washington staff: "They are absolutely determined to learn from this and re-establish their reputation as a high-performing part of our business - and do the public service they want to do."
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereComments are closed on this article