Skip to content
July 7, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Watchtower
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • News
  • Data Leak
  • British Tax Agency HMRC Alleged to Collect 5.1 Million British Voice Records
  • Data Leak

British Tax Agency HMRC Alleged to Collect 5.1 Million British Voice Records

Do Son June 26, 2018 3 minutes read
Add Daily CyberSecurity as a preferred
source on Google

A British privacy and civil liberties organization found that the HM Revenue and Customs (HMRC) has collected more than 5.1 million British voice records.

HMRC was accused of collecting these voice records through a new service launched in January 2017. The service is named “Voice ID” and allows British citizens to authenticate themselves with their voice when calling the HMRC call center.

When it was released, the HMRC website claimed that users could choose not to use this feature and continue to authenticate and prove their identity through conventional methods.

However, a survey conducted by the privacy protection organization Big Brother Watch found that when calling the HMRC support line, there was no option to opt out. All callers were forced to record tracks for use with voice recognition services.

The only way to avoid creating tracks is to say “no” three times during the track’s creation, which was discovered by privacy researchers. This process is described in detail in the survey report of Big Brother Watch.

Unfortunately, the Voice ID system does not directly indicate this option and asks the user for a speech sample each time he dials.

Members of the Big Brother Watch believe that HMRC did not provide a simple way to withdraw, thereby infringing the rights of users.

In addition, after a lengthy and complicated process, users can only choose not to use speech recognition for the authentication process, but users cannot delete their speech patterns from the HMRC database.

Big Brother Watch stated that it had submitted FOIA requests, but HMRC officials declined to disclose how users removed their recordings from the HMRC database. At the same time, HMRC officials also declined to disclose the contents of voice recordings that were shared with other third parties and government agencies. The only detail revealed by HMRC officials is that on March 13, 2018, the Voice ID system had more than 5.1 million users.

The privacy protection organization believes that HMRC has clearly violated the GDPR (EU General Data Protection Regulations) and did not allow Britons to obtain their own choices, nor did they provide them with a simple way to revoke their licenses to delete their personal Biometric data.

Officials at Big Brother Watch are currently urging users to file complaints with HMRC and submit another complaint about HMRC to the Office of the United Kingdom’s National Data Protection Agency (ICO).

The privacy protection organization stated that it has informed ICO officials about the results of this investigation, and the latter has started an official investigation of HMRC’s conduct.

Related coverage

  • NB65 leaked the Kaspersky antivirus source code
  • HR software PageUp has been compromised by malicious software
  • CIEE Data Breach Exposes 248K Brazilian Records: Medical Reports, CVs, & Videos Leaked from Google Cloud
  • Cyber Fattah Breach: Pro-Iranian Hackers Leak Saudi Games Athlete Data in Targeted Info Op
  • Censorship as a Service: Leak Exposes Public-Private Collaboration in Chinese Cyberspace Monitoring

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: British Tax Agency HMRC

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2024-14037CVSS 9.8
    Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2026-8451CVSS 8.8
    Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured...
    Admin intel📅 Updated: Jul 2, 2026
  • CVE-2026-8037CVSS 9.6
    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to...
    Admin intel📅 Updated: Jul 1, 2026
  • CVE-2026-45659CVSS 8.8
    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
    CISA KEV📅 Added to KEV: Jul 1, 2026
  • CVE-2026-48558CVSS 10.0
    SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication...
    Admin intelCISA KEV📅 Added to KEV: Jun 29, 2026📅 Updated: Jun 29, 2026
  • CVE-2026-46817CVSS 9.8
    Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected...
    Admin intel📅 Updated: Jun 29, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-13019CVSS 9.8
    Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and...
  • CVE-2026-53483CVSS 9.8
    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0...
  • CVE-2026-53481CVSS 9.8
    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0...
  • CVE-2026-27823
    ## Summary A critical vulnerability has been identified in EGroupware that may...
  • CVE-2026-33264CVSS 9.8
    A bug in `BaseSerialization.deserialize()` allowed unrestricted `import_string()` of attacker-controlled class paths when...
  • CVE-2026-4375CVSS 9.0
    The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65...
  • CVE-2026-14345CVSS 9.8
    The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click...
  • CVE-2026-12375CVSS 9.8
    The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after...
  • CVE-2026-34048CVSS 9.9
    Coolify is an open-source and self-hostable tool for managing servers, applications, and...
  • CVE-2026-34047CVSS 9.9
    Coolify is an open-source and self-hostable tool for managing servers, applications, and...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • Disclaimer
    • Privacy Policy
    • DMCA NOTICE
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.