Hackers stole £47 million (€55.8 million) from Britain’s tax office in a phishing attack that targeted the online accounts of around 100,000 taxpayers.
The attack, disclosed on Wednesday as officials from His Majesty’s Revenue and Customs (HMRC) were before a House of Commons committee, occurred last December.
A notice published on the tax authority’s website said the attack was “an attempt to claim money from HMRC” and involved “unauthorised access to some customers’ online accounts”.
Recently appointed HMRC chief executive John-Paul Marks said the agency was still in the process of contacting some of those affected.
Angela MacDonald, HMRC deputy chief executive, said criminals had sought to “masquerade” as taxpayers and had extracted £47 million from the public purse.
The MPs criticised HMRC for not disclosing the attack earlier, with chairwoman Dame Meg Hillier saying the committee “would expect to get information about this – not have it emerge because of an announcement while you’re in the committee room”.
HMRC said it had “locked down affected accounts” and “removed any incorrect information from tax records”.
Mr Marks, who has been in post since April, said the incident took place in December and had affected the accounts of about 100,000 pay-as-you-earn taxpayers.
He said affected taxpayers did not need to take any action and the situation was under control.
“This affected 0.2 per cent of the PAYE population, around 100,000 people, who we’ve written to and are writing to,” Mr Marks said, stressing that there had been “no financial loss to those individuals”.
“This was organised-crime phishing for identity data out of HMRC systems,” he said, adding that the criminals had sought to use identity data from HMRC systems to create PAYE accounts to pay themselves a repayment or to access an existing account.
HMRC’s fraud investigation service detected the attack and a criminal investigation was launched, with some arrests made last year, Mr Marks added.
Ms MacDonald, who has been in her current position since August 2020, acknowledged that £47 million was “a lot of money and it’s very unacceptable”. She added that HMRC had “overall, in the last tax year, actually protected £1.9 billion worth of money which sought to be taken from us by attacks”.
Cleaning up the accounts and ensuring HMRC was “talking to the genuine customer and not talking to the criminal” had been a “challenge” and taken “some time”, Ms MacDonald said, stressing that no cyber breach had occurred.
Separately, several of HMRC’s phone lines went down on Wednesday because of a system outage. Officials said the outage was not connected to the phishing attack.
The UK’s most senior tax officials were before the House of Commons treasury select committee to discuss the agency’s work and customer service performance, which has come under fire recently.
Last year, the National Audit Office, the public spending watchdog, said HMRC’s customer service was “in a declining spiral”. Funding pressures, job cuts and a push to cut costs – by encouraging taxpayers to manage their affairs online – had led to worse call-handling performance, it warned.
Speaking to the MPs, Mr Marks set out four key priorities for his leadership: closing the tax gap to bring in an extra £7.5 billion a year; improving customer service; modernising HMRC’s systems, including “improving our cyber resilience”; and boosting trust and engagement.
“Ultimately we want to be that modern trusted tax authority. We know trust is fundamental to good compliance, willingness to pay and confidence in the way we operate,” he added. – Copyright The Financial Times Limited 2025
