Two more discs missing from tax office as search for data continues

Police are investigating the loss of the unencrypted files, which went missing in transit from tax offices in Washington, Tyne and Wear, and contain "sensitive information" about thousands of benefit claimants, including their national insurance numbers and dates of birth. They do not include any bank details. The discs were sent to government offices in London and have yet to be accounted for.

The latest loss emerged as the agency said it was likely that the two discs reported missing earlier this week – containing the personal records of 25 million people – were still in government offices. Yesterday, officials at HMRC sought to allay the fears of child benefit recipients whose names, addresses and bank data were on the first missing discs, which were sent by courier on 18 October to the National Audit Office in London. They have written to the 7.75 million families affected, saying they believe the discs are "still likely to be on government property".

The assurances came as detectives appeared to be convinced that the package never arrived at its intended destination. One theory is that the discs were not delivered by the courier company TNT and were simply thrown away by one of its drivers or a civil servant.

Meanwhile, however, Scotland Yard's specialist economic crime unit was continuing its search of the three-storey HMRC complex on Tyneside yesterday. Officers could be seen looking under desks, peering down radiator grilles and sifting through stacks of unopened mail in the hope of finding the missing CDs.

HMRC officials played down suggestions that the 23-year-old computer worker who downloaded the 25 million records and sent the CDs to the NAO, following talks with supervisors, was already the subject of disciplinary proceedings and had offered to resign. The IT specialist was the first to be blamed for the fiasco but is now being described as a scapegoat. He is in hiding at a hotel in the North-east as managers try to protect his identity and prevent the sort of media scrutiny which led the scientist Dr David Kelly to kill himself over the "dodgy" Iraq dossier row.

The HMRC worker will not face any action until the Cabinet Secretary, Sir Gus O'Donnell, has completed the Government's inquiry into how the data was downloaded in breach of agency procedures three times between March and October. Further questions about data protection standards at HMRC were raised yesterday by a solicitor who works with the agency's prosecution arm. Shawn Williams, of Wolverhampton-based Rose, Williams & Partners, said the firm often received CDs containing personal data from the HMRC with the password included.

He added: "Sometimes there is no security at all, sometimes there are instructions telling you how to access the data, sometimes the password is just written on a compliments slip and included with the disc."