1 day ago
11
HM Revenue & Customs has lost £47m after a phishing scam breached tens of thousands of tax accounts, a group of MPs has heard.
Two senior civil servants at the tax authority told the Treasury committee that 100,000 people had been contacted, or were in the process of being contacted, after their accounts were locked down in what the officials said was an “organised crime” incident that began last year.
Taxpayers affected would suffer “no financial loss”, said John-Paul Marks, the HMRC chief executive.
He told the committee: “It’s about 0.2% of the PAYE population, around 100,000 people, who we have written to, are writing to, to notify them that we detected activity on their PAYE account.”
Asked whether this applied to individual working people’s PAYE accounts, not companies, Marks replied: “That’s right, individuals. To be clear, no financial loss to those individuals.”
He added: “This was organised crime phishing for identity data outwith of HMRC systems, so stuff that banks and others will also unfortunately experience, and then trying to use that data to create PAYE accounts to pay themselves a repayment and/or access an existing account.”
An investigation into the matter, which took place last year “including jurisdictions outside the UK”, led to “some arrests last year”, Marks told MPs.
Angela MacDonald, HMRC’s deputy chief executive and second permanent secretary, added: “At the moment, they’ve managed to extract repayments to the tune of £47m. Now that is a lot of money, and it’s very unacceptable.
“We have overall, in the last tax year, we actually protected £1.9bn worth of money which sought to be taken from us by attacks.”
MacDonald stressed the breach was “not a cyber-attack, we have not been hacked, we have not had data extracted from us”.
She later added: “The ability for somebody to breach your systems and to extract data, to hold you to ransomware and all of those things, that is a cyber-attack. That is not what has happened here.”
HMRC said it had locked down affected accounts and deleted login details to prevent future unauthorised access.
Any incorrect information has been removed from tax records and officials have checked to ensure no other details have been changed.
People affected will receive a letter from HMRC over the next three weeks.
Marks also told the committee that HMRC phone lines were down on Wednesday afternoon, but said this was “coincidental”. They will be “back up and available in the morning”, he added.
An HMRC spokesperson said: “We’ve acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we’re working with other law enforcement agencies both in the UK and overseas to bring those responsible to justice.
“This was not a cyber-attack – it involved criminals using personal information from phishing activity or data obtained elsewhere to try to claim money from HMRC. We’re writing to those customers affected to reassure them we’ve secured their accounts and that they haven’t lost any money.”
