Latest news with #TreasuryCommittee
The Independent
10 hours ago
- Business
- The Independent
100,000 HMRC accounts hit as scammers steal £47m in phishing attack
A phishing scam has cost HM Revenue and Customs (HMRC) £47 million, a group of MPs has been told. The personal tax accounts of tens of thousands of people were breached in what two senior civil servants at HMRC described to the Treasury Committee as an "organised crime" incident that began last year. According to John-Paul Marks, the chief executive of HMRC, the UK's tax authority, 100,000 people have been contacted, or are in the process of being contacted, after their accounts were locked down. He added that taxpayers affected by the breach will suffer "no financial loss". Mr Marks told the Committee: 'It's about 0.2% of the PAYE population, around 100,000 people, who we have written to, are writing to, to notify them that we detected activity on their PAYE account.' Asked if this applied to individual working people's PAYE accounts, not companies, he replied: 'That's right, individuals. To be clear, no financial loss to those individuals. Mr Marks added: 'This was organised crime phishing for identity data outwith of HMRC systems, so stuff that banks and others will also unfortunately experience, and then trying to use that data to create PAYE accounts to pay themselves a repayment and/or access an existing account.' An investigation into the matter, which took place last year 'including jurisdictions outside the UK', led to 'some arrests last year,' Mr Marks told MPs. Angela MacDonald, HMRC's deputy chief executive and second permanent secretary, added: 'At the moment, they've managed to extract repayments to the tune of £47 million. 'Now that is a lot of money, and it's very unacceptable. 'We have overall, in the last tax year, we actually protected £1.9 billion worth of money which sought to be taken from us by attacks.' Ms MacDonald stressed the breach was 'not a cyber attack, we have not been hacked, we have not had data extracted from us'. She later added: 'The ability for somebody to breach your systems and to extract data, to hold you to ransomware and all of those things, that is a cyber attack. That is not what has happened here.' HMRC said it had locked down affected accounts and deleted log-in details to prevent future unauthorised access. Any incorrect information has been removed from tax records and officials have checked to ensure no other details have been changed. People affected will receive a letter from HMRC over the next three weeks. Elsewhere, Mr Marks told MPs that HMRC phone lines were down on Wednesday afternoon, but said this was 'coincidental'. They will be 'back up and available in the morning', he added. An HMRC spokesperson said: 'We've acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we're working with other law enforcement agencies both in the UK and overseas to bring those responsible to justice. 'This was not a cyber-attack – it involved criminals using personal information from phishing activity or data obtained elsewhere to try to claim money from HMRC. 'We're writing to those customers affected to reassure them we've secured their accounts and that they haven't lost any money.'
Mint
11 hours ago
- Business
- Mint
Organized Crime Phishing Took £47 Million From UK Coffers
Organized crime has extracted £47 million from the UK government in a phishing operation, His Majesty's Revenue and Customs officials said operation, which took place last year, involved mimicking taxpayer credentials and claiming payments from HMRC, Angela MacDonald, second permanent secretary and deputy chief executive, told Parliament's Treasury Committee. The incident wasn't a cyberattack and no data from taxpayers was taken, she said. 'That is a lot of money and is very unacceptable,' MacDonald said. The Treasury Committee learned of the incident during a hearing, after asking the HMRC officials about a statement released earlier in the day that said the tax authority had shut down accounts after detecting 'unauthorised access.' HMRC is trying to contact 100,000 people whose accounts have been affected, John-Paul Marks, HMRC first secretary and chief executive, told the committee. Authorities began a criminal investigation that included going outside the UK after HMRC detected the operation in 2024, and arrests have since been made, he said. 'This incident is constrained, it is under control,' he said. The affected accounts are Pay-As-You-Earn, or PAYE, accounts, used by employers to hold employee tax and national insurance payments, Marks said. The entities behind the operation created new PAYE accounts and accessed existing ones to get a repayment from HMRC, he said. Banks have also been affected by the operation to use HMRC's identity information, Marks said. Customers initially contacted HMRC after noticing anomalies in their accounts, Marks said. The tax authority has shut down fake accounts and removed false information as part of its response, he said. The £47 million was taken through three separate payments, MacDonald said. HMRC was able to protect £1.9 million that was sought by the entities behind the operation, she said. To contact the reporter on this story: James Munson in Toronto at correspondents@ contact the editors responsible for this story: Kathy Larsen at klarsen@ Rose Walker at rwalker1@ This article was generated from an automated news agency feed without modifications to text.
The Independent
21 hours ago
- Business
- The Independent
HMRC has lost £47 million in breach of 100,000 taxpayer accounts, MPs hear
HMRC has lost £47 million after a phishing scam breached tens of thousands of tax accounts, a group of MPs has heard. Two senior civil servants at HM Revenue and Customs (HMRC) told the Treasury Committee that 100,000 people have been contacted, or are in the process of being contacted, after their accounts were locked down in what they said was an 'organised crime' incident which began last year. Taxpayers who are being affected will suffer 'no financial loss', according to John-Paul Marks, the chief executive of HMRC, the UK's tax authority. Mr Marks told the Committee: 'It's about 0.2% of the PAYE population, around 100,000 people, who we have written to, are writing to, to notify them that we detected activity on their PAYE account.' Asked if this applied to individual working people's PAYE accounts, not companies, he replied: 'That's right, individuals. To be clear, no financial loss to those individuals. Mr Marks added: 'This was organised crime phishing for identity data outwith of HMRC systems, so stuff that banks and others will also unfortunately experience, and then trying to use that data to create PAYE accounts to pay themselves a repayment and/or access an existing account.' An investigation into the matter, which took place last year 'including jurisdictions outside the UK', led to 'some arrests last year,' Mr Marks told MPs. Angela MacDonald, HMRC's deputy chief executive and second permanent secretary, added: 'At the moment, they've managed to extract repayments to the tune of £47 million. 'Now that is a lot of money, and it's very unacceptable. 'We have overall, in the last tax year, we actually protected £1.9 billion worth of money which sought to be taken from us by attacks.' Ms MacDonald stressed the breach was 'not a cyber attack, we have not been hacked, we have not had data extracted from us'. She later added: 'The ability for somebody to breach your systems and to extract data, to hold you to ransomware and all of those things, that is a cyber attack. That is not what has happened here.' HMRC said it had locked down affected accounts and deleted log-in details to prevent future unauthorised access. Any incorrect information has been removed from tax records and officials have checked to ensure no other details have been changed. People affected will receive a letter from HMRC over the next three weeks. Elsewhere, Mr Marks told MPs that HMRC phone lines were down on Wednesday afternoon, but said this was 'coincidental'. They will be 'back up and available in the morning', he added. An HMRC spokesperson said: 'We've acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we're working with other law enforcement agencies both in the UK and overseas to bring those responsible to justice. 'This was not a cyber-attack – it involved criminals using personal information from phishing activity or data obtained elsewhere to try to claim money from HMRC. 'We're writing to those customers affected to reassure them we've secured their accounts and that they haven't lost any money.'
The Guardian
a day ago
- Business
- The Guardian
100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
HM Revenue & Customs has lost £47m after a phishing scam breached tens of thousands of tax accounts, a group of MPs has heard. Two senior civil servants at the tax authority told the Treasury committee that 100,000 people had been contacted, or were in the process of being contacted, after their accounts were locked down in what the officials said was an 'organised crime' incident that began last year. Taxpayers affected would suffer 'no financial loss', said John-Paul Marks, the HMRC chief executive. He told the committee: 'It's about 0.2% of the PAYE population, around 100,000 people, who we have written to, are writing to, to notify them that we detected activity on their PAYE account.' Asked whether this applied to individual working people's PAYE accounts, not companies, Marks replied: 'That's right, individuals. To be clear, no financial loss to those individuals.' He added: 'This was organised crime phishing for identity data outwith of HMRC systems, so stuff that banks and others will also unfortunately experience, and then trying to use that data to create PAYE accounts to pay themselves a repayment and/or access an existing account.' An investigation into the matter, which took place last year 'including jurisdictions outside the UK', led to 'some arrests last year', Marks told MPs. Angela MacDonald, HMRC's deputy chief executive and second permanent secretary, added: 'At the moment, they've managed to extract repayments to the tune of £47m. Now that is a lot of money, and it's very unacceptable. 'We have overall, in the last tax year, we actually protected £1.9bn worth of money which sought to be taken from us by attacks.' MacDonald stressed the breach was 'not a cyber-attack, we have not been hacked, we have not had data extracted from us'. She later added: 'The ability for somebody to breach your systems and to extract data, to hold you to ransomware and all of those things, that is a cyber attack. That is not what has happened here.' HMRC said it had locked down affected accounts and deleted log-in details to prevent future unauthorised access. Any incorrect information has been removed from tax records and officials have checked to ensure no other details have been changed. People affected will receive a letter from HMRC over the next three weeks. Marks also told the committee that HMRC phone lines were down on Wednesday afternoon, but said this was 'coincidental'. They will be 'back up and available in the morning', he added. An HMRC spokesperson said: 'We've acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we're working with other law enforcement agencies both in the UK and overseas to bring those responsible to justice. 'This was not a cyber-attack – it involved criminals using personal information from phishing activity or data obtained elsewhere to try to claim money from HMRC. We're writing to those customers affected to reassure them we've secured their accounts and that they haven't lost any money.'
South Wales Guardian
a day ago
- Business
- South Wales Guardian
HMRC has lost £47 million in breach of 100,000 taxpayer accounts, MPs hear
Two senior civil servants at HM Revenue and Customs (HMRC) told the Treasury Committee that 100,000 people have been contacted, or are in the process of being contacted, after their accounts were locked down in what they said was an 'organised crime' incident which began last year. Taxpayers who are being affected will suffer 'no financial loss', according to John-Paul Marks, the chief executive of HMRC, the UK's tax authority. HMRC officials told us today that 100,000 HMRC customers were victims of a phishing scam, resulting in £47m of losses to the taxpayer. — Treasury Committee (@CommonsTreasury) June 4, 2025 Mr Marks told the Committee: 'It's about 0.2% of the PAYE population, around 100,000 people, who we have written to, are writing to, to notify them that we detected activity on their PAYE account.' Asked if this applied to individual working people's PAYE accounts, not companies, he replied: 'That's right, individuals. To be clear, no financial loss to those individuals. Mr Marks added: 'This was organised crime phishing for identity data outwith of HMRC systems, so stuff that banks and others will also unfortunately experience, and then trying to use that data to create PAYE accounts to pay themselves a repayment and/or access an existing account.' An investigation into the matter, which took place last year 'including jurisdictions outside the UK', led to 'some arrests last year,' Mr Marks told MPs. Angela MacDonald, HMRC's deputy chief executive and second permanent secretary, added: 'At the moment, they've managed to extract repayments to the tune of £47 million. 'Now that is a lot of money, and it's very unacceptable. 'We have overall, in the last tax year, we actually protected £1.9 billion worth of money which sought to be taken from us by attacks.' Ms MacDonald stressed the breach was 'not a cyber attack, we have not been hacked, we have not had data extracted from us'. She later added: 'The ability for somebody to breach your systems and to extract data, to hold you to ransomware and all of those things, that is a cyber attack. That is not what has happened here.' HMRC said it had locked down affected accounts and deleted log-in details to prevent future unauthorised access. Any incorrect information has been removed from tax records and officials have checked to ensure no other details have been changed. People affected will receive a letter from HMRC over the next three weeks. Elsewhere, Mr Marks told MPs that HMRC phone lines were down on Wednesday afternoon, but said this was 'coincidental'. They will be 'back up and available in the morning', he added. An HMRC spokesperson said: 'We've acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we're working with other law enforcement agencies both in the UK and overseas to bring those responsible to justice. 'This was not a cyber-attack – it involved criminals using personal information from phishing activity or data obtained elsewhere to try to claim money from HMRC. 'We're writing to those customers affected to reassure them we've secured their accounts and that they haven't lost any money.'
