Latest news with #JohnPaulMarks
Epoch Times
3 days ago
- Business
- Epoch Times
HMRC Loses £47 Million in Phishing Attack on 100,000 Taxpayer Accounts
HMRC has lost £47 million after a phishing scam hit 100,000 pay-as-you-earn (PAYE) tax accounts in an organised crime incident which began last year. The UK's tax authority sought to assure taxpayers in their Following the exposure of the breach, HMRC said it has taken action to protect those accounts by locking them down, deleting login credentials to prevent further unauthorised access, and removing any incorrect information from tax records. The authority said that the attack affected 0.22 percent of the PAYE population. An HMRC spokesperson told The Epoch Times on Thursday: 'We've acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we're working with other law enforcement agencies both in the UK and overseas to bring those responsible to justice. 'This was not a cyberattack—it involved criminals using personal information from phishing activity or data obtained elsewhere to try to claim money from HMRC. Related Stories 5/21/2025 5/9/2025 'We're writing to those customers affected to reassure them we've secured their accounts and that they haven't lost any money.' HMRC added that while it is not in a position to give further details for operational reasons, they confirmed that arrests have been made. Information 'Not Taken From HMRC' 'Phishing' is when cyber criminals use scam emails, text messages, or phone calls which appear to be from trusted organisations to trick victims into taking a specific action, such as clicking on a link taking them to a website containing malware, or handing over personal information. According to the The revelations were made public on Wednesday via the HMRC website, at the same time senior figures from the tax agency were giving evidence to the Treasury Committee. John Paul Marks, the chief executive of HMRC, told MPs that criminals had used personal data they had obtained through phishing to masquerade as legitimate customers 'to create PAYE accounts to pay themselves a repayment and/or access an existing account.' Angela MacDonald, HMRC's deputy chief executive and second permanent secretary, further clarified that information had been taken from other environments and that 'it had not been taken from HMRC.' File photo of a woman using a laptop as she holds a bank card, dated March 30, 2020. Tim Goode/PA Wire MacDonald told the committee: 'Lots of people who would just 'Pay As You Earn' haven't got an online account because they have no reason to go in to one. So for many instances, the customers were not realising that somebody else was in their account.' However, she added that there were instances of live accounts 'where the criminals had managed to get their details and were logging in as the customer.' Asked to confirm how much money was taken, MacDonald replied: 'They have managed to extract free payments to the tune of £47 million. That is a lot of money, and it's very unacceptable. We have in the last tax year protected £1.9 billion worth of money which sought to be taken from us by attacks.' 'Social Engineering Attack' HMRC officials reiterated during the committee meeting that what occurred was not a cyberattack, with MacDonald saying: 'We have not been hacked. We have not had data extracted from us.' Penetration tester Shaun Webber, who simulates cyberattacks to identify vulnerabilities in systems, told The Epoch Times that generally phishing is classed as a 'social engineering attack,' because it relies on attacking the person rather than a system. 'However, there is overlap, because during phishing, someone might be delivering a payload which would exploit a particular vulnerability,' he said. 'It's definitely one of the most effective ways of getting that initial access,' the cybersecurity professional said, and went on to explain how phishing might be used to penetrate a business. 'Companies spend a lot of time and effort securing their external, internet-facing presence, so there's often no real way of gaining access to the network from an external perspective' because it is 'segmented away from the internal network.' He said that when a criminal sends an employee a phishing email, that employee is already in the internal network, giving the criminal an effective way of getting an initial foothold into a company's internal network. Webber said: 'This is why we have things like zero trust architecture, where even if someone does get into the internal network, it's not just wide open. You still have to reauthenticate for each service you access.' 'For example, if you're suddenly logging in from a different IP address than what you normally log in from, the account would automatically be asked for additional authentication, or be blocked,' the cybersecurity professional said. UK's Cybersecurity Resilience The phishing attack on HMRC comes at a time of broader scrutiny over the cybersecurity resilience of British institutions and businesses. In May, a That same month, the head of the NCSC also
The Independent
5 days ago
- The Independent
‘Unacceptable' amount stolen in HMRC phishing attack
A phishing scam has cost HM Revenue and Customs (HMRC) £47 million after the personal tax accounts of tens of thousands of people were breached. HMRC Chief Executive John-Paul Marks stated that about 100,000 taxpayers have been, or will be, contacted after their accounts were locked down, and those affected will suffer "no financial loss." The breach involved organised crime phishing for identity data to create PAYE accounts and claim repayments, but HMRC Deputy Chief Executive Angela MacDonald clarified it was not a cyber attack, but it was 'unacceptable'. An investigation into the matter led to arrests last year, and HMRC has protected £1.9 billion worth of money from similar attacks in the last tax year. HMRC has locked down affected accounts, removed incorrect information, and will send letters to those affected over the next three weeks to reassure them that their accounts are secure and they have not lost any money.
Irish Times
5 days ago
- Business
- Irish Times
UK tax office hit in €55.8m phishing scam targeting 100,000 taxpayers' online accounts
Hackers stole £47 million (€55.8 million) from Britain's tax office in a phishing attack that targeted the online accounts of around 100,000 taxpayers. The attack, disclosed on Wednesday as officials from His Majesty's Revenue and Customs (HMRC) were before a House of Commons committee, occurred last December. A notice published on the tax authority's website said the attack was 'an attempt to claim money from HMRC' and involved 'unauthorised access to some customers' online accounts'. Recently appointed HMRC chief executive John-Paul Marks said the agency was still in the process of contacting some of those affected. READ MORE Angela MacDonald, HMRC deputy chief executive, said criminals had sought to 'masquerade' as taxpayers and had extracted £47 million from the public purse. The MPs criticised HMRC for not disclosing the attack earlier, with chairwoman Dame Meg Hillier saying the committee 'would expect to get information about this – not have it emerge because of an announcement while you're in the committee room'. HMRC said it had 'locked down affected accounts' and 'removed any incorrect information from tax records'. Mr Marks, who has been in post since April, said the incident took place in December and had affected the accounts of about 100,000 pay-as-you-earn taxpayers. He said affected taxpayers did not need to take any action and the situation was under control. 'This affected 0.2 per cent of the PAYE population, around 100,000 people, who we've written to and are writing to,' Mr Marks said, stressing that there had been 'no financial loss to those individuals'. 'This was organised-crime phishing for identity data out of HMRC systems,' he said, adding that the criminals had sought to use identity data from HMRC systems to create PAYE accounts to pay themselves a repayment or to access an existing account. HMRC's fraud investigation service detected the attack and a criminal investigation was launched, with some arrests made last year, Mr Marks added. Ms MacDonald, who has been in her current position since August 2020, acknowledged that £47 million was 'a lot of money and it's very unacceptable'. She added that HMRC had 'overall, in the last tax year, actually protected £1.9 billion worth of money which sought to be taken from us by attacks'. Cleaning up the accounts and ensuring HMRC was 'talking to the genuine customer and not talking to the criminal' had been a 'challenge' and taken 'some time', Ms MacDonald said, stressing that no cyber breach had occurred. Separately, several of HMRC's phone lines went down on Wednesday because of a system outage. Officials said the outage was not connected to the phishing attack. The UK's most senior tax officials were before the House of Commons treasury select committee to discuss the agency's work and customer service performance, which has come under fire recently. Last year, the National Audit Office, the public spending watchdog, said HMRC's customer service was 'in a declining spiral'. Funding pressures, job cuts and a push to cut costs – by encouraging taxpayers to manage their affairs online – had led to worse call-handling performance, it warned. Speaking to the MPs, Mr Marks set out four key priorities for his leadership: closing the tax gap to bring in an extra £7.5 billion a year; improving customer service; modernising HMRC's systems, including 'improving our cyber resilience'; and boosting trust and engagement. 'Ultimately we want to be that modern trusted tax authority. We know trust is fundamental to good compliance, willingness to pay and confidence in the way we operate,' he added. – Copyright The Financial Times Limited 2025
The Independent
5 days ago
- Business
- The Independent
100,000 HMRC accounts hit as scammers steal £47m in phishing attack
A phishing scam has cost HM Revenue and Customs (HMRC) £47 million, a group of MPs has been told. The personal tax accounts of tens of thousands of people were breached in what two senior civil servants at HMRC described to the Treasury Committee as an "organised crime" incident that began last year. According to John-Paul Marks, the chief executive of HMRC, the UK's tax authority, 100,000 people have been contacted, or are in the process of being contacted, after their accounts were locked down. He added that taxpayers affected by the breach will suffer "no financial loss". Mr Marks told the Committee: 'It's about 0.2% of the PAYE population, around 100,000 people, who we have written to, are writing to, to notify them that we detected activity on their PAYE account.' Asked if this applied to individual working people's PAYE accounts, not companies, he replied: 'That's right, individuals. To be clear, no financial loss to those individuals. Mr Marks added: 'This was organised crime phishing for identity data outwith of HMRC systems, so stuff that banks and others will also unfortunately experience, and then trying to use that data to create PAYE accounts to pay themselves a repayment and/or access an existing account.' An investigation into the matter, which took place last year 'including jurisdictions outside the UK', led to 'some arrests last year,' Mr Marks told MPs. Angela MacDonald, HMRC's deputy chief executive and second permanent secretary, added: 'At the moment, they've managed to extract repayments to the tune of £47 million. 'Now that is a lot of money, and it's very unacceptable. 'We have overall, in the last tax year, we actually protected £1.9 billion worth of money which sought to be taken from us by attacks.' Ms MacDonald stressed the breach was 'not a cyber attack, we have not been hacked, we have not had data extracted from us'. She later added: 'The ability for somebody to breach your systems and to extract data, to hold you to ransomware and all of those things, that is a cyber attack. That is not what has happened here.' HMRC said it had locked down affected accounts and deleted log-in details to prevent future unauthorised access. Any incorrect information has been removed from tax records and officials have checked to ensure no other details have been changed. People affected will receive a letter from HMRC over the next three weeks. Elsewhere, Mr Marks told MPs that HMRC phone lines were down on Wednesday afternoon, but said this was 'coincidental'. They will be 'back up and available in the morning', he added. An HMRC spokesperson said: 'We've acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we're working with other law enforcement agencies both in the UK and overseas to bring those responsible to justice. 'This was not a cyber-attack – it involved criminals using personal information from phishing activity or data obtained elsewhere to try to claim money from HMRC. 'We're writing to those customers affected to reassure them we've secured their accounts and that they haven't lost any money.'
Malay Mail
5 days ago
- Business
- Malay Mail
Crime ring steals £47m from UK tax office in phishing scam
LONDON, June 5 — Organised criminals stole £47 million (RM270 million) from Britain's tax office last year by using phishing tactics to access more than 100,000 customer accounts and falsely claim payments from the government. A notice posted by His Majesty's Revenue and Customs (HMRC) on the government website on Wednesday disclosed the unauthorised access and said no customers had suffered financial loss. HMRC deputy chief executive Angela MacDonald, speaking to lawmakers in parliament, said fraudsters masquerading as customers had managed to extract three payments, totalling £47 million. 'That is a lot of money, and it's very unacceptable,' she said. Chief executive John-Paul Marks, speaking alongside MacDonald in what was a scheduled committee hearing on the work of the tax office, said a criminal investigation into the incident had taken place last year leading to some arrests. 'This was organised-crime phishing for identity data outwith of HMRC systems,' Marks said. HMRC said it had written to affected customers, locked down their accounts, deleted login details and removed any incorrect information from tax records. Taxpayers did not need to take any action, it added. 'This was an attempt to claim money from HMRC, not an attempt to take any money from you,' the tax office notice said. In a separate statement emailed to Reuters, HMRC said the incident was not a cyberattack. 'It involved criminals using personal information from phishing activity or data obtained elsewhere to try to claim money from HMRC,' the statement said. — Reuters
