HMRC opens anti-fraud centre as stated losses from recent phishing campaign increase by £2m


Following recent criminal activity in which hackers successfully accessed the online PAYE accounts of 100,000 individuals, the department has opened the doors of a new facility to detect and disable fraud.

After admitting that losses from a recent wide-scale phishing campaign were £2m higher than previously indicated, HM Revenue and Customs has created a new dedicated unit to tackle fraud.

The tax agency’s newly established Fraud Prevention Centre comprises “a multi-functional team led by HMRC’s security department”, according to chief executive John-Paul Marks.

In a letter to parliament’s Public Accounts Committee, the departmental chief added that the centre’s remit will be to focus “on the continued protection, detection and response to identity-related security issues”.

“Additionally, the FPC will deliver enhanced support direct to customers, managing fraud in line with industry best practice,” he added.

The creation of the anti-fraud unit comes shortly after HMRC revealed that cybercriminals had used phishing techniques to access the online PAYE accounts of about 100,000 UK taxpayers.

Losses to the public purse from this incident were originally stated at £47m – but this figure has now been revised to £49m, Marks told MPs.

On 4 June, the department began a three-week process of sending letters to all citizens impacted by the phishing campaign to alert them and “to provide guidance and advice on next steps”.

“[We have] also briefed key stakeholders, including professional bodies representing tax agents, so they could provide support to any affected customers, and [are] supporting affected customers who contacted HMRC directly,” said the CEO’s letter to PAC. “We recognise this incident may be of concern, especially to those customers who may have been affected. The committee should be reassured that HMRC has put comprehensive support in place including a dedicated GOV.UK page and telephone helpline, and provided reassurance that no customers have experienced, or will experience, any financial loss in respect of their tax affairs as a result of this incident. We stand ready to respond to customer needs as they arise.”

He added: “I welcome the committee’s interest in matters related to security and would like to be clear this is the very highest priority for HMRC. We take the security of our customers’ data extremely seriously and HMRC will continue to enhance our security measures and capabilities to tackle the continuous, evolving security challenges faced by all large institutions.”




To illustrate the scale of such challenges, the missive indicated that the department “analyses approximately 200 billion events across systems monthly, proactively blocking around 1.5 billion suspicious activities”. During the 2023/24 financial year, the tax agency prevented potential losses of £1.9bn “by stopping fraudulent registrations and repayment claims by criminals”.

“HMRC operates one of the UK’s largest and most complex IT estates,” Marks added. “Like many tax authorities worldwide, our systems are subjected to constant attack.”

The successful attackers who gained access to the accounts of 100,000 PAYE taxpayers – equating to 0.22% of the overall number of users – are subject to an ongoing criminal investigation that HMRC began last year.

“HMRC’s Audit and Risk Committee was briefed last autumn; and throughout, HMRC has liaised with the Information Commissioner’s Office, whilst actively pursuing the criminal groups, careful to protect confidential live investigations,” the CEO said.

Alongside the start of this investigative work, “Having identified misuse of accounts, HMRC took action to protect customer data and secure compromised accounts”.

According to Marks – whose letter offered MPs a private follow-up briefing on the incident and the department’s response – measures taken included: “identifying and locking down affected online tax accounts; deleting login credentials to prevent further unauthorised access; removing incorrect information added to tax records; [and] checking no other customer details were changed”.

The newly created FPC is currently recruiting specialist staff to join the unit, including a potential £70,000-a-year role as the unit’s lead customer analyst.

The successful candidate will “lead advanced data analysis efforts to detect, investigate, and prevent fraudulent activity, while mentoring junior colleagues and shaping the evolution of our fraud intelligence capabilities”, according to the job advert.

“This is a dynamic, high-impact position that will evolve as the team matures—ideal for a proactive, analytical thinker who thrives in ambiguity and is eager to drive innovation,” it added.

Sam Trendall
