100000 UK taxpayer accounts hit in Â47m phishing attack on HMRC HMRC The Guardian

pMPs on Treasury committee hear that those affected were being contacted and would face âno financial lossâ ppHM Revenue and Customs has lost Â47m after a phishing scam breached tens of thousands of tax accounts a group of MPs has heardppTwo senior civil servants at the tax authority told the Treasury committee on Wednesday that 100000 people had been contacted or were in the process of being contacted after their accounts were locked down in what the officials said was an âorganised crimeâ incident that began last yearppTaxpayers affected would suffer âno financial lossâ said JohnPaul Marks HMRCâs chief executiveppHe told the committee âItâs about 02 of the PAYE population around 100000 people who we have written to are writing to to notify them that we detected activity on their PAYE accountâppAsked whether this applied to individual working peopleâs PAYE accounts not companies Marks replied âThatâs right individuals To be clear no financial loss to those individualsâppHe added âThis was organised crime phishing for identity data outwith of HMRC systems so stuff that banks and others will also unfortunately experience and then trying to use that data to create PAYE accounts to pay themselves a repayment andor access an existing accountâppAn investigation into the matter which took place last year âincluding jurisdictions outside the UKâ led to âsome arrests last yearâ Marks told MPsppAngela MacDonald HMRCâs deputy chief executive and second permanent secretary added âAt the moment theyâve managed to extract repayments to the tune of Â47m Now that is a lot of money and itâs very unacceptableppâWe have overall in the last tax year we actually protected Â19bn worth of money which sought to be taken from us by attacksâppMacDonald stressed the breach was ânot a cyberattack we have not been hacked we have not had data extracted from usâppShe later added âThe ability for somebody to breach your systems and to extract data to hold you to ransomware and all of those things that is a cyberattack That is not what has happened hereâppHMRC said it had locked down affected accounts and deleted login details to prevent future unauthorised accessppAny incorrect information has been removed from tax records and officials have checked to ensure no other details have been changedppPeople affected will receive a letter from HMRC over the next three weeksppMarks also told MPs that HMRC phone lines were down on Wednesday afternoon but said this was âcoincidentalâ adding they will be âback up and availableâ on ThursdayppAn HMRC spokesperson said âWeâve acted to protect customers after identifying attempts to access a very small minority of tax accounts and weâre working with other law enforcement agencies both in the UK and overseas to bring those responsible to justiceppâThis was not a cyberattack â it involved criminals using personal information from phishing activity or data obtained elsewhere to try to claim money from HMRCppâWeâre writing to those customers affected to reassure them weâve secured their accounts and that they havenât lost any moneyâppLast week UK banks and payment firms were urged to strengthen their antifraud systems for international payments after a rise in scammers tricking people into sending money abroadppNew figures revealed that international payments accounted for 11 of authorised push payment scams losses in 2024 â almost double the 2023 figurep