£47m lost as cyber thieves hack over 100,000 UK accounts

A massive fraud scandal has rocked Britain’s tax system as organised criminals stole £47 million from the UK tax office through a sophisticated phishing operation..

The heist targeted His Majesty’s Revenue and Customs (HMRC), which confirmed the breach on its website on Wednesday, June 4, 2025.

Organised criminals exploited stolen personal data to file fraudulent claims and steal taxpayer money meant for government payouts.

According to HMRC, the criminals accessed over 100,000 customer accounts using phishing tactics and identity theft.

“This was not a cyberattack,” the agency clarified in its official statement.

“They used personal data obtained from phishing or other external sources to impersonate taxpayers and deceive our system,” it added.

Angela MacDonald, Deputy Chief Executive of HMRC, told Parliament that the fraudsters succeeded in extracting three large payments.

“In total, they stole £47 million. That is a lot of money, and it’s very unacceptable,” she said.

Chief Executive John-Paul Marks explained the attack didn’t penetrate HMRC’s core systems but relied on external data theft.

“This was organised crime using identity data stolen outside HMRC platforms,” Marks said before Parliament’s oversight committee.

He added that the incident occurred in 2024 but was under criminal investigation before the public disclosure this week.

“Several arrests have already been made,” Marks confirmed, though no further details on suspects were released.

The agency has since locked down affected accounts, deleted false claims, and reset login credentials linked to compromised data.

HMRC reassured the public that no taxpayer suffered direct financial losses due to the scam.

“This was an attempt to claim money from us, not from you,” the tax agency said in its notice.

Victims have been notified, and no further action is required from individuals whose accounts were targeted.

Cybersecurity analysts say the breach highlights the ongoing threat of phishing, a simple yet powerful tool for identity theft.

“Phishing remains the easiest method to bypass system security and launch large-scale fraud,” said one expert.

The case has triggered renewed calls in Parliament for stricter security protocols and faster fraud detection systems.

Lawmakers are now pushing for anti-fraud measures to feature prominently in upcoming UK budget proposals.

Experts warn that as digital systems expand, public institutions must increase investments in verification and data protection.

The public now expects HMRC to restore trust, improve oversight, and prevent future financial sabotage.

With confidence shaken and funds lost, the agency faces intense scrutiny and growing pressure to act swiftly.

What to know about HMRC

His Majesty’s Revenue and Customs (HMRC), the United Kingdom’s national tax agency, is once again in the spotlight as it grapples with growing responsibilities, technological reform, and criminal threats.

Formed in 2005 through the merger of Inland Revenue and HM Customs and Excise, HMRC serves as the backbone of Britain’s public revenue system.

The department is responsible for collecting taxes, enforcing customs laws, administering national insurance, and distributing certain state benefits.

With billions of pounds flowing through its systems annually, HMRC plays a central role in funding key public services including healthcare, education, and national infrastructure.

However, recent developments have raised concerns about the agency’s vulnerability to organised cybercrime.

On Tuesday, June 3, HMRC revealed that criminal gangs stole £47 million using phishing scams that compromised over 100,000 taxpayer accounts.

The fraudsters impersonated taxpayers and illegally claimed refunds, exploiting weaknesses in identity verification systems.

HMRC officials confirmed that a criminal investigation had led to several arrests, and that affected accounts had been locked and secured.

Despite the breach, the agency insists that no individual taxpayer lost personal funds.

For Diaspora Digital Media Updates click on Whatsapp, or Telegram. For eyewitness accounts/ reports/ articles, write to: citizenreports@diasporadigitalmedia.com. Follow us on X (Fomerly Twitter) or Facebook