The tax authorities have announced that fraudsters steel £ 47 million from HM Revenue and Customs (HMRC), using phishing tactics to more than 100,000 taxpayer accounts.
The large-scale fraud was exposed during a hearing from the Finance selection committee, in which high-ranking HMRC officials were criticized for not informing the MPs before. According to the department, the criminals used stolen personal details to issue taxpayers and claim incorrect tax discounts, which means that the funds determined for legitimate claims were derived.
HMRC has emphasized that this was not a cyber attack or a data injury to its internal systems, but a sophisticated case of identity theft. Criminal used phishing methods in which people are caused to give personal information to create new online tax accounts in the names of the victims.
Angela Macdonald, deputy managing director of HMRC, told MPs: “A lot of money was taken and it is very unacceptable.” She added that many of those affected had never created online tax accounts and would not have been aware that they were targeted.
John-Paul Marks, Chief Executive from HMRC, said that the organization has identified the compromised accounts since then and locked them up. “We took significant measures to intercept this incident,” he said. “We have found that the abused accounts were closed and have worked on confirming the identity of real customers.”
Despite the extent of the fraud, the HMRC said that no individual taxpayers have lost money. All affected customers are contacted to confirm that their accounts are now safe and that they do not have to take any further measures.
However, the MPs expressed concern about the lack of warning of the HMRC about the extent of the problem. Dame Meg Hillier, chairman of the Treasury Committee, said she had only learned press reports from fraud. “It would be normal to advise Parliament on something like this if they were to appear in front of a committee,” she said spelled during the hearing.
She added: “Money was preserved. By criminals. By entering the digital system. Many people would consider that a cyber crime, however they define it.”
Ms. Macdonald explained that the fraudsters adjusted their tactics when the fraud reaction from HMRC tightened. “They moved their Mo (company method),” she said. “It was a challenge to clean up the accounts and be sure that we deal with the real customer, not with the fraudster.”
She confirmed that the HMRC had reported the incident to the information commissioner and acted on his advice. “We are in an environment in which every organization of a kind of cyber threat is exposed,” she said. “It is a persistent work for us to invest in our systems to exceed the criminals.”
While the HMRC insisted that it had taken extensive steps to secure its systems, it is expected that the review of government expenditure next week will include a new financing in the digital defense of HMRC after concerns about increasing online fraud.
The fraud emphasizes growing risks for digital tax systems, since criminal demanding identity fraud and phishing techniques exploit to manipulate the government platforms. The case is now part of an ongoing criminal investigation, and arrests were made last year, HMRC confirmed.