Fraudsters stole £47 million from HM Revenue and Customs (HMRC) by exploiting more than 100,000 taxpayer accounts through phishing and identity theft, officials revealed during a Treasury Select Committee hearing this week.
The fraud involved criminals using stolen personal data to set up fraudulent online tax accounts in victims’ names, then submitting false claims to siphon off rebates. HMRC stressed that its internal systems were not breached and described the scam as a sophisticated operation in which individuals were tricked into handing over personal information.
“This was not a cyberattack on our systems,” said Angela MacDonald, HMRC’s deputy chief executive. “A lot of money was taken, and it’s very unacceptable.” She noted that many victims had never registered for online tax accounts and were unaware they had been targeted.
HMRC’s chief executive, John-Paul Marks, told MPs that the organisation had taken swift action once the fraud was detected. “We identified the accounts being misused, shut them down, and are working to confirm the identity of genuine customers,” he said.
The scam came to light during a committee hearing, prompting frustration from MPs who said they should have been notified earlier. Dame Meg Hillier, chair of the committee, criticised HMRC for failing to inform Parliament ahead of its scheduled appearance. “Money was got. By criminals. By penetrating the digital system,” she said. “A lot of people would consider that a cybercrime, however you define it.”
Despite the scale of the fraud, HMRC insisted that no individual taxpayers had suffered direct financial losses. Those affected are being contacted and assured that no further action is needed on their part.
Ms MacDonald acknowledged that the scammers had shifted tactics as HMRC improved its fraud detection. “They were moving their method of operation,” she said. “It’s been a challenge to clean up the accounts and ensure we’re speaking to the real customer.”
HMRC confirmed the incident has been reported to the Information Commissioner’s Office, and the case forms part of an ongoing criminal investigation. Arrests were made last year, though further details have not been disclosed.
The revelation has raised fresh concerns about the vulnerability of digital tax systems and the increasing sophistication of cyber-enabled financial fraud. Government sources indicate next week’s spending review will likely include new funding to strengthen HMRC’s digital security infrastructure in response to the breach.
