HM’s revenues and customs have experienced a loss of £47 million due to phishing scams that have compromised tens of thousands of tax accounts, a panel of lawmakers has been informed.
On Wednesday, two senior tax officials briefed the Treasury Commission, reporting that 100,000 individuals have been contacted or are being contacted after their accounts were locked as part of an “organized crime” investigation initiated last year.
John Paul Marks, CEO of HMRC, stated that the affected taxpayers will face “no financial loss.”
He explained to the committee: “About 0.2% of the Pay population is being notified, with approximately 100,000 individuals informed that unusual activity has been detected on their Pay accounts.”
Marks clarified that this pertains to individual workers’ payment accounts, not business accounts.
He further elaborated: “This incident involved organized crime phishing for identity data outside of the HMRC system, which unfortunately affects banks and other entities that utilize that data to set up Payer accounts for refunds or accessing existing accounts.”
He informed MPs of investigations into issues from last year that “involve jurisdictions beyond the UK,” which led to “arrests last year.”
Angela McDonald, HMRC’s deputy chief executive and second permanent secretary, added:
“Ultimately, we successfully protected £19 billion that was targeted during last year’s attacks.”
McDonald made it clear that this breach is “not a cyber attack, there has been no hacking, and data has not been extracted.”
She went on to state: “The act of compromising someone’s system to extract data and implement ransomware constitutes a cyber attack. That is not what transpired here.”
HMRC reported that it has secured the details of the affected accounts and has eliminated logins to prevent future unauthorized access.
Incorrect information has been purged from tax records, and authorities are verifying that no other details have been altered.
Affected individuals will receive notifications from HMRC within the next three weeks.
Marks noted that HMRC’s phone line experienced an outage on Wednesday afternoon, but this was “accidental” and would be “up and running” by Thursday.
A spokesperson for HMRC stated: “We have taken steps to safeguard our customers after identifying attempts to access a minimal amount of tax revenues and will collaborate with law enforcement both domestically and internationally to bring the culprits to justice.
“This was not a cyber attack; instead, it involved criminals utilizing personal information from phishing activities or data obtained from other sources to attempt to claim funds from HMRC.”
“We are sending letters to affected customers to assist in securing their accounts and to reassure them that they have not lost any money.”
Last week, UK banks and payment companies were advised to enhance their anti-fraud systems for international transactions due to a rising number of fraudsters targeting individuals abroad.
Recent statistics indicated that international payments account for 11% of the losses attributed to push payment fraud in 2024.
Source: www.theguardian.com
Discover more from Mondo News
Subscribe to get the latest posts sent to your email.