Sean O’Neill, Francis Elliott, Rajeev Syal and Rhys Blakely
Perhaps his mind was elsewhere that Thursday morning. England's hopes of qualifying for the European Championships had been dented the night before by defeat in Moscow — still, there was the Rugby World Cup Final to look forward to at the weekend.
Certainly, when the request came to send child benefit data to the National Audit Office in London, the junior official’s mind does not appear to have been on the job. He burned the entire national child benefit database on two computer discs, popped them in an envelope and sent them to the post room for collection by TNT couriers.
“He messed up, it was treated as a normal piece of mail,” an insider at HM Revenue & Customs said.
The IT worker returned to his duties, unaware that posting that envelope would trigger the country’s biggest police investigation into possible identity theft and jeopardise the career of the Chancellor.
He had committed a potentially catastrophic security breach.
HMRC’s procedures state that such detailed data — the names, addresses, National Insurance numbers and bank details of every child benefit claimant in the country — should never leave the offices in Washington, Tyne & Wear. If the auditors wanted to see that material, they were to be invited to the North East to view it on a standalone computer in a secure room.
But the NAO staff had not asked for this level of detail. They had specified that they wanted limited information, specifically claimants’ names, NI numbers and child benefit numbers. They knew the procedures and the risks associated with sending addresses or bank account details.
The NAO wanted to select a sample of claimants and then visit HMRC to study the full records as part of the 2007-08 child benefit audit.
HMRC decided unnecessarily, as it had done seven months earlier for the 2006-07 audit, to send much more and exposed 7.25 million families to the risk of identity fraud by organised criminals.
The Information Commissioner was already investigating two serious data-protection breaches at HMRC — the losses of a laptop containing 15,000 individuals’ details and a CD with information about Standard Life customers. On October 18, however, no one could foresee the problems ahead. It was not until the following Wednesday, when the NAO called to say that the discs had not arrived, that anything was done.
And then, the wrong thing was done again. The full database was burned on to two more discs and posted again. This time, however, the despatch was approved by senior staff and sent by recorded delivery.
The second package arrived at the NAO offices at Buckingham Palace Road where officials continued to be concerned at the non-arrival of the first parcel.
They continued to pursue the issue and eventually, on November 8, managers at Washington decided to tell Paul Gray, the recently appointed chairman of HMRC.
If his junior officials did not realise the gravity of the situation, Mr Gray did. He ordered an inquiry by the Revenue’s investigators who began the search for the missing package.
Mr Gray, a former Treasury civil servant, also knew that his political bosses had to be told. Alistair Darling was at home with his wife in Edinburgh on Saturday, November 10, when a call came through on the secure line reserved for sensitive communications.
Jane Kennedy, a junior Treasury Minister, was on the line with details of the fiasco. Both ministers’ private secretaries listened in to the call.
Within minutes, Mr Darling was on the phone to the Prime Minister. It took him 30 minutes to tell Gordon Brown what, to the best of his knowledge, had happened.
A furious Chancellor demanded an immediate overhaul of security at HMRC but it was a case of closing the stable door. The Chancellor was told on Monday, November 14, that HMRC was confident of tracing the missing package, but Mr Darling’s patience was running out.
By Wednesday, he said, “it was clear to me that the HMRC searches had failed to find them [the discs]”. He ordered Mr Gray to call in Scotland Yard.
That call was made the next day, November 15, and the Metropolitan Police assigned the inquiry to the Specialist Crime Directorate, which handles sensitive investigations.
Acting Assistant Commissioner Janet Williams was placed in charge of the investigation which initially involved six officers. Within days, as senior officers realised the urgency of the case and the scale of the inquiry, the number of officers was doubled. Personnel were seconded from other forces and an extensive series of searches began.
A source said: “We have no evidence of a crime, but the potential for a crime is there. Something can be regarded as lost when actually it may have been stolen.”
The search is something of a needle in a haystack job. TNT carries about 100,000 pieces of mail for HMRC every night of the working week. The courier firm said that the first package had been sent with general mail and therefore had no “track and trace” facility. A TNT spokesman said: “It has been impossible, in this instance, to conduct an audit to identify if the item entered the system.” Searches have been carried out at the NAO’s London offices, where three officials have been interviewed. A source there said: “The fact is that the package never arrived here.”
The biggest search operation is taking place at the HMRC child benefit headquarters in Washington, where several staff have been interviewed as witnesses. But the searches have been fruitless and huge emphasis is now being placed on fraud prevention.
Apacs, the banking industry body that oversees payments systems in Britain, was informed last Friday and co-ordinated an escalation of the banks’ systems for pinpointing suspicious transactions.
Millions of transactions are monitored every day and the most advanced systems can track payments in real time. A high-street bank executive said: “We are doing what we normally do, but on a much larger scale. If you are attacked by a fraudster and we suddenly see ‘you’ purchasing £500 worth of jewellery from a shop in eastern Europe, we aim to spot it.”
Experts in identity theft have warned that sophisticated fraudsters might never touch existing accounts, but use the data to obtain credit cards and loans. David Hill, senior security consultant at red24, said: “It may be that the first we see of any criminal activity is in a few months’ time when bills start appearing for goods we haven’t ordered.”
Post haste
March A junior Revenue official sends child benefit payment records to National Audit Office, disregarding security rules. Data later returned
October Further request for information from NAO
October 18 Junior official sends two password-protected disks with all child benefit payment records to NAO using the courier firm TNT, again ignoring security rules. They fail to arrive
Late October More disks sent to NAO, this time by registered post. They arrive safely
November 8 Revenue manager is told that the original two disks failed to arrive
November 10 Alistair Darling, the Chancellor, is told. He demands an investigation and orders searches for disks
November 12 Revenue officials tell Chancellor that they expect the data to be found
November 14 Chancellor told searches have failed to find disks, and decides police should be called in. Paul Gray, the Revenue chairman, offers to resign
November 15 The Chancellor discusses the breach with Richard Thomas, the Information Commissioner
November 20 The Chancellor tells Parliament of the lost disks and announces Mr Gray’s resignation
Copyright 2009 Times Newspapers Ltd.