HM Revenue and Customs (HMRC) revealed that it suffered a phishing attack that led to the compromise of around 100,000 personal
tax accounts. The incident was described by HMRC officials as ‘organised crime’, targeting identity data outside HMRC systems.
Scammers managed to extract £47 million through fraudulent PAYE repayments. The breach involved individual PAYE accounts, not corporate ones, and accounts for 0.2% of the PAYE population.
Despite the breach, affected individuals have not suffered financial loss, according to HMRC. They stated that ‘This was organised crime phishing for identity data outwith of HMRC systems,
so stuff that banks and others will also unfortunately experience and then trying to use that data to create PAYE accounts to pay themselves a repayment and/or access an existing account’
and stressed that this was ‘not a cyber-attack, we have not been hacked, we have not had data extracted from us.’
The attack began last year and involved international jurisdictions. Arrests have been made as part of the investigation. HMRC locked down compromised accounts and has contacted or is in
the process of contacting all affected taxpayers.
You may also like...
-
Thursday, February 6, 2025Read moreChanges to notifications by employers to operate PAYE on a proportion of a globally mobile employee’s income and Overseas Workday Relief
The previous non-domicile rules regarding operating PAYE on a reduced percentage of an employee’s
income (known as Section 690) ended, rep... -
Thursday, January 9, 2025Read more
Car tax update sees a 400% hike in costs for some
Since April 2025, HMRC has reclassified double cab pick-up trucks as cars rather than commercial vehicles.
Previously, pick-ups with payload... -
Sunday, January 5, 2025Read more
HMRC could get new powers in tax avoidance clampdown
Tax avoidance – and specifically those who promote it – has once again been pushed into the spotlight. That’s because of a new review
...
