Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
Around 100,000 UK taxpayers were affected by a phishing attack last year that targeted online accounts at HM Revenue & Customs, the tax authority disclosed on Wednesday.
A notice on the agency’s website said the attack was “an attempt to claim money from HMRC” and involved “unauthorised access to some customers’ online accounts”.
The disclosure was made as HMRC’s new chief executive John-Paul Marks was speaking to MPs on the House of Commons Treasury select committee. The MPs criticised HMRC for not disclosing the attack earlier.
HMRC said it had “locked down affected accounts” and “removed any incorrect information from tax records”.
Marks, who has been in post since April, said the incident had taken place last year and had affected around 100,000 taxpayers’ pay-as-you-earn accounts. He said that affected taxpayers did not need to take any action and the situation was under control.
“This affected 0.2 per cent of the PAYE population, around 100,000, who we’ve written to and are writing to,” Marks said. He stressed that “no financial loss to those individuals” had occurred.
“This was organised-crime phishing for identity data out of HMRC systems,” he added.
This is a developing story
