HM Revenue and Customs (HMRC) closed theTax Credits Online portal in December after staff at the Department for Work and Pensions (DWP) had their identities hijacked. A joint investigation by DWP and HMRC has confirmed that the number of stolen identities topped 8,800 all of whom worked in the London region of Jobcentre Plus. Only 4,100 of these were intercepted by HMRC before any payment was made.

While HMRC cannot yet give a precise figure for the overall sums involved, "initial indications are that half of the cases involve sums in excess of £250,000 each".

The most likely source of the stolen data is from Jobcentre Plus's payroll. The information contained names, National Insurance numbers and dates of birth, according to DWP investigators.

They have confirmed that there had been no penetration of the department's mainframe IT systems.

The HMRC Tax Credit Fraud Strategy Board is currently undertaking further investigations. The outcome could see prosecutions in some or all of the cases.

Bourn said the NAO will examine the outcome of these investigations and is looking at the department's actions to address the risks of organised crime, including that arising from stolen identities.

"There are clearly wider lessons to be learned about the secure handling of personal data. I will be reporting on the whole issue when I have further details including the outcomes of the police investigation," he said in the letter.

Meanwhile, DWP is also taking steps to:

• re-educate staff about the proper security of paper and electronic data;
• ensure that the combination of data in the payroll extract does not appear in any future reports, and that only the minimum necessary personal details are used;
• ensure that both electronic and paper data with personal details is in future used and stored securely;
• ensure that access to both electronic and paper data is properly controlled.