Cyber criminals used phishing attacks to steal £47 million from HMRC by posing as taxpayers and claiming money fraudulently from the authority.
Speaking at a Treasury Select Committee on Wednesday 4 June, HMRC representatives said that the attacks were attempts to claim money fraudulently from HMRC itself, not from customers.
Scammers used phishing attacks to obtain customer details, which they then used to impersonate taxpayers and claim funds from HMRC.
“This is not a cyber attack, we have not been hacked, we have not had data extracted from us,” said HMRC deputy chief executive Angela MacDonald.
HMRC said it has identified and secured the compromised accounts, adding that it a criminal investigation was opened and arrests were made related to the incident last year.
It has reached out to those whose tax accounts were affected by the incident to reassure them that they have not lost money and reiterate that there is no action required from their side.
Only around 0.2% of its PAYE taxpayer account population was affected, HMRC noted.
MacDonald said that the security threats faced by HMRC were shared with other large organisations across the country, and that it is not immune to cyber threats.
“We are living in an environment where cyber threats are facing every single organisation – we are seeing it from organisations large and small. It is a continuing piece of work for us to invest in our systems, like every other organisation, to try and outpace the criminals who are determined to try to extract data and to extract money.”
“HMRC is not immune from this situation, unfortunately, and therefore we have to work hard, the same as every other organisation, to keep trying to outpace it,” she said.
Leave a Reply