Build those poorly conceived and insecure applications and they will come.

Trust the UK Revenue & Customs service to remind us of this tedious maxim with its online tax credit application system, which has had just had its credibility undermined by another event to add to the grim information theft statistics.

According to a BBC report, on December 1st the website that gathers applications for tax credits had to close after it was discovered that the personal details of 13,000 employees of the Department of Work and Pensions had been stolen by criminals out to scam the system.

And scam it they did. The full details are not clear but it appears that the criminals accessed supposedly secure payroll databases, stole the identity information, and then used this as the basis for fraudulent credit applications. How much has been thieved? Millions of pounds at least.

The implication is that the criminals targeted the government workforce because most of them would be eligible for credits and would not have had their identities challenged as being false. But criminals have long since given up creating fake identities to carry out scams. Why bother when real ones are to be had?

There are actually three failures here. One, the workforce’s identity information was not secured. Two, the online system did not carry out enough checks, and relied on the information entered into the applications database (a fault of conception rather than technology) to make its assessment. Three, there does not appear to have been any layering of security to provide a failsafe in the event that the system was compromised.

How did it come to light? According to newspaper reports, the breach has only now become public because of whistleblowers. They are a security system of last resort.

The one mild compensation is that the insecurity of government systems – and their willingness to hand out sizable sums of money – has temporarily distracted some criminals from attacking the general public directly through weaknesses in the retail banking system.

Attacking the tax payer does at least spread the load over everyone.