An organised crime gang has stolen £47 million ($64 million) from the UK’s tax office by hacking into over 100,000 customer accounts and fraudulently claiming government payments.
His Majesty’s Revenue and Customs (HMRC) confirmed the breach but assured taxpayers that no individuals lost money.
According to HMRC, criminals used stolen personal data, likely obtained through phishing emails or from third-party sources, to either access or create fake PAYE (Pay As You Earn) tax accounts. These fake profiles were then used to submit fraudulent claims and siphon funds from the system.
SEE: Password Management Policy (TechRepublic Premium)
‘A Lot of Money, Very Unacceptable’
HMRC’s deputy chief executive, Angela MacDonald, revealed the theft during a Treasury Select Committee hearing on Wednesday. “That is a lot of money, and it’s very unacceptable,” she told lawmakers, as reported by Reuters.
HMRC chief executive John-Paul Marks clarified that this was “organised-crime phishing for identity data outwith of HMRC systems,” meaning the criminals did not hack HMRC directly but used stolen information from elsewhere.
Despite the large-scale fraud, HMRC insists this was not a cyberattack. “We have not been hacked, we have not had data extracted from us,” MacDonald told MPs. Instead, criminals used personal details, possibly stolen from banks or other organisations, to trick the system into approving fake tax refunds.
HMRC has already locked down affected accounts, removed incorrect information, and reset login details. A criminal investigation was launched, including in jurisdictions outside the UK, which has led to some arrests.
Members of Parliament were not pleased to hear about the scam only after it appeared in the news. Committee Chair Dame Meg Hillier criticized the agency for failing to notify them earlier. HMRC officials admitted they had not proactively written to the committee when the fraud was first discovered.
This has added to growing concerns about how secure personal information really is, especially as criminals become more creative and determined. While £47 million was stolen, HMRC also reported that their systems prevented around £1.9 billion in other attempted frauds last year.
Citizens urged to stay vigilant
With phishing scams on the rise, HMRC is urging taxpayers to be vigilant for suspicious emails, texts, or phone calls claiming to be from the tax office. These could be linked to similar fraud attempts.
If you receive a letter from HMRC or notice unusual activity on your account, it’s important to follow instructions carefully and avoid responding to unofficial messages.
