Sequenxa

Horizon Scandal: How Evidence Integrity Failure Destroyed 900+ Lives

January 7, 2026
Horizon Scandal: How Evidence Integrity Failure Destroyed 900+ Lives
The UK Post Office Horizon scandal shows how broken evidence integrity, falsified audit trails, and hidden software defects led to 900+ wrongful convictions.
Category:Case Study

WHAT HAPPENED


Between 1999 and 2015, the United Kingdom's Post Office pursued and secured convictions against over 900 sub-postmasters for theft, fraud, and false accounting. The cause: faulty evidence from the Horizon accounting system developed by Fujitsu. These were not minor convictions. They destroyed lives:


  • 900+ wrongful convictions for theft and fraud

  • 236 subpostmasters imprisoned for crimes they didn't commit

  • 13+ suicides directly linked to false convictions

  • £1.8B compensation ultimately required from taxpayers

  • 16-year concealment of known software bugs by Post Office and Fujitsu


The root cause: Horizon contained critical bugs from 1999 onward. The Post Office discovered these defects but deliberately withheld knowledge from prosecutors, judges, and defense attorneys. Evidence presented as infallible "computer proof" was actually generated by a defective system. Chain of custody documentation was falsifiable, audit trails could be altered remotely, and no independent verification existed.


Prime Minister Rishi Sunak called it "one of the greatest miscarriages of justice in British history."




"Chain of custody is fundamental to provenance and traceability in the supply chain. It also helps the verification of system and component integrity."



HOW IT HAPPENED


1. No Cryptographic Evidence Integrity


Horizon data lacked any proof of integrity. No one could verify whether evidence had been tampered with. Post Office exploited this ambiguity for 16 years.


2. Broken Chain of Custody


Post Office controlled everything: system design, data collection, investigation, prosecution. No independent verification existed. Defendants had no mechanism to audit the chain of custody.


3. Concealment of Known Defects


1999: Fujitsu aware of bugs


2000-2008: Hundreds of subpostmasters report balancing errors; Post Office denies systemic problems


2013: Clarke advice documents "several trials have been misled"


2014: Deloitte discovers Fujitsu technicians could remotely alter branch data without audit trail


2015: Post Office still denies systemic issues while prosecuting innocent people


Result: Concealment took 16 years to unravel and required multiple independent investigations to expose.


4. Falsifiable Audit Trails


Audit logs could be altered. Fujitsu technicians could access branch data remotely without leaving "appropriate audit trail entries" (discovered 2014). No cryptographic seals protected logs from tampering.


5. Expert Witness Unaccountability


Gareth Jenkins (Fujitsu) testified to Horizon's reliability while knowing of specific bugs. No mechanism detected this discrepancy. Post Office did not disclose Jenkins' knowledge of defects to prosecutors or courts.


6. No Independent Oversight


Post Office was simultaneously victim, investigator, and prosecutor. Criminal justice system had no safeguard against institutional corruption or negligence.




"Maintaining evidence integrity isn't just about protecting an item, it's about protecting justice itself. From the moment evidence is collected to the time it's presented in court, every step must be secure, documented, and transparent."



HOW IT COULD HAVE BEEN PREVENTED


1. Cryptographic Evidence Integrity


Every Horizon transaction cryptographically hashed at creation. Any tampering produces different hash, triggering alert. Courts could independently verify evidence integrity. First hash divergence (1999-2000) would have exposed defects immediately.


2. Immutable Audit Trails


Every access, change, remote action logged independently of Horizon system. Cryptographically sealed, no one could alter retroactively. Deloitte's 2014 discovery of remote access would have occurred in 1999 when first remote alteration happened.


3. Blockchain-Backed Chain of Custody


Evidence notarized at each step. Immutable ledger created in 1999: "Horizon bugs documented. Known defects: [list]." This notarization becomes part of evidence chain forever, cannot be unwritten, hidden, or denied.


4. Continuous Compliance Monitoring


Rule: "IF system_defect_discovered AND pending_prosecutions_exist THEN halt_cases_and_notify_all_parties"


Automation would have flagged all pending cases the moment bugs were discovered. Mandatory disclosure automatic, not dependent on Post Office discretion.


5. Zero-Trust Access Control


Fujitsu remote access would require multi-party approval. Every remote session logged. Bulk modifications for bugs would trigger investigation, not implementation.


6. Expert Witness Certification


Jenkins' access to bug documentation cross-referenced against his testimony. System flags: "Witness accessed defect documentation [date], testified without disclosing [date]. Disclosure completeness: INCOMPLETE."




“Trust is managed from the inside out, by running a good business. When a company prioritizes honesty, transparency, and ethical practices in its operations, it naturally earns the trust of its customers, employees, and stakeholders."



LESSONS


1. Trust is not a control; verification is. Evidence must carry cryptographic proof verifiable by any party (defense, prosecution, judge).


2. Compartmentalization enables concealment. Chain of custody must be transparent to all parties with legitimate interest.


3. Remote access without logging is remote fraud. Remote alterations require multi-party approval and immutable session logging.


4. Expert accountability requires automation. Expert disclosures must be auto-verified against their documented knowledge and access patterns.


5. Prosecution conflicts of interest require independent oversight. When one entity controls evidence, investigation, and prosecution, regulatory audit authority is essential.


6. Prevention is cheaper than remediation.



REGULATORY IMPACT


UK: Post Office Horizon Inquiry (ongoing) reviewing all computer evidence presumptions in criminal courts. Likely recommendations: mandatory defect disclosure, independent audit of chain of custody, cryptographic verification of digital evidence integrity.


US: FBI crime lab integrity failures and DNA exoneration cases have created similar demands. DOJ increasingly requires cryptographic evidence integrity certification before evidence can be used in court.



CONCLUSION


The Post Office Horizon scandal proves evidence integrity is mandatory infrastructure. Before Horizon, criminal justice presumed computers were reliable. After Horizon, trust is dead. Evidence must carry cryptographic proof.


We partner with select organizations across key sectors for zero-trust adoption. If you're exploring these priorities and want to connect with our team, you can request an introduction directly through our website.


More Briefings