A sophisticated criminal gang posing as taxpayers has defrauded the UK’s tax authority, His Majesty’s Revenue and Customs (HMRC), out of £47 million by targeting over 100,000 online accounts, officials confirmed on Wednesday.
The large-scale scam, which took place last year, involved phishing techniques to gain unauthorized access to taxpayer accounts and submit fraudulent claims for payments from HMRC. The agency has published full details of the breach on the UK government’s website and assured the public that individual taxpayers did not lose any funds.
“This was an attempt to claim money from HMRC, not an attempt to take any money from you,” HMRC stated in a public notice. While the authority plans to contact affected individuals, it noted that it is “unlikely” most accounts were impacted. Customers are being advised to review their recent account activity and remain alert to suspicious messages or emails claiming to be from HMRC.
Angela MacDonald, HMRC’s deputy chief executive, addressed the issue during a hearing with the Treasury Select Committee, describing the breach as “very unacceptable.” She emphasized that HMRC’s internal systems had not been hacked and that the incident did not involve data being stolen from the department itself.
“This was a criminal operation involving phishing and impersonation. No data was extracted from our systems,” MacDonald clarified, while revealing that arrests had been made following a criminal investigation, including in jurisdictions outside the UK.
The disclosure drew criticism from MPs, who expressed frustration that HMRC had not informed Parliament of the fraud when it first occurred. Committee Chair Dame Meg Hillier said the committee only became aware of the issue through media reports.
The breach has raised serious concerns about the resilience of online systems amid growing threats from cybercriminals. MacDonald said HMRC’s broader security efforts successfully prevented £1.9 billion in fraudulent claims last year, and that further investment is being made to strengthen its digital defenses.
“We are operating in an environment where every organisation is facing some kind of cyber threat,” she told the committee. “It is a continuing piece of work for us to invest in our systems and try to outpace the criminals.”
HMRC continues to investigate the incident and is urging the public to report any suspicious activity linked to their tax accounts.news
