THE INCIDENT OCCURRED LAST DECEMBER, AND HMRC IS BEING CRITICISED FOR ONLY JUST NOTIFYING THE PUBLIC. 09:31, 05 Jun 2025Updated 09:33, 05 Jun 2025 HMRC has announced that around 100,000

online accounts were locked after being targeted by cyber criminals in a phishing attack at the end of last year. Organised crime groups were successful in stealing £47 million in fraudulent

repayments from the tax regulator. The company's chief executive, John-Paul Marks announced this major breach before the House of Commons Treasury select committee on Wednesday, June

4. The tax organisation said it had locked the compromised accounts and removed incorrect information from tax records, with no financial losses to taxpayers themselves. Angela McDonald,

identity data from outside HMRC's systems. Phishing is a method of manipulating users into giving up their information by sending emails or messages posing as legitimate companies or

organisations. Having obtained tax payer information through this process, the criminals then created fraudulent PAYE accounts or accessed existing ones to claim illegitimate repayments from

HMRC. Article continues below Marks told the Treasury Committee: "This was organised crime fishing for identity data, outwith of HMRC systems, stuff that banks and other people will

unfortunately experience, and then using that data to try to create PAYE accounts to pay themselves a repayment and or access an existing account." The attack hasn't been deemed a

cyber crime, but is being viewed by officials as an extended operation that was carried out by multiple crime groups throughout 2024, reported GB News. The PAYE (pay-as-you-earn) system was

targeted specifically by the phishing scam, and around 0.2 per cent of PAYE users were affected. Some arrests were made last year, according to Marks, who said HMRC worked hard to intercept

the attack. An international investigation into the criminal operation has been launched, and HMRC confirmed it had sent notifications to affected customers, emphasising that no action was

required on their part. Individual taxpayers had not suffered financial losses, said Marks- who has been in post as chief executive since April- and he described the situation was described

as being 'under control'. MPs on the Treasury select committee questioned why HMRC waited six months to disclose the December incident to the public, and why taxpayers have only

just been notified of the fraudulent activity concerning their accounts. The extended delay in public notification of the incident has raised concerns amongst committee members about

HMRC's transparency, especially due to the huge number of compromised accounts and the colossal sum of money stolen. Marks said HMRC had written to or are writing to the 100,000 people

whose accounts had been affected, to notify them that activity had been detected on their account. He emphasised that individual tax payers had not seen any financial loss in the scam.

Article continues below JOIN THE DAILY RECORD WHATSAPP COMMUNITY! Get the latest news sent straight to your messages by joining our WhatsApp community today. You'll receive daily

updates on breaking news as well as the top headlines across Scotland. No one will be able to see who is signed up and no one can send messages except the Daily Record team. All you have to

do is CLICK HERE IF YOU'RE ON MOBILE, select 'Join Community' and you're in! If you're on a desktop, simply scan the QR code above with your phone and click

'Join Community'. We also treat our community members to special offers, promotions, and adverts from us and our partners. If you don’t like our community, you can check out any

time you like. To leave our community click on the name at the top of your screen and choose 'exit group'. If you’re curious, you can read our Privacy Notice.