Tax Agencies Under Massive Cyber Attack in 2024
HMRC loses £47M to phishing attack affecting 100,000+ accounts. Learn how criminals exploited tax systems in UK and Canada cybercrimes.
Tax Scam
By Elke Porter | WBN News Global | June 5, 2025
Subscription to WBN and being a Contributor is FREE!
Last year, Britain's tax collection agency fell victim to one of the most significant cybercrime attacks in its history, with organized criminals successfully stealing £47 million ($63.76 million) through an elaborate phishing scheme that compromised over 100,000 taxpayer accounts.
His Majesty's Revenue and Customs (HMRC) disclosed the breach this week, revealing that the attack occurred throughout 2024 and specifically targeted individual taxpayers' online accounts. The criminals used sophisticated phishing tactics to gain unauthorized access to personal tax information and subsequently submitted fraudulent claims for government payments.
The scale of the breach is particularly concerning given HMRC's role as the UK's primary tax collection and payment authority. The affected accounts belonged to individual taxpayers who use the agency's online services to manage their tax affairs, claim refunds, and access various government financial support schemes.
According to HMRC's security systems, the unauthorized access was detected as part of ongoing monitoring efforts. However, critics have questioned why it took months for the agency to publicly disclose the attack, with some MPs expressing concern about the delayed transparency.
The phishing operation appears to have been highly organized, suggesting involvement by professional criminal networks rather than opportunistic hackers. These groups likely used a combination of fake emails, websites, and social engineering techniques to trick taxpayers into revealing their login credentials.
HMRC has since implemented additional security measures and locked down the compromised accounts to prevent further unauthorized access. The agency is working with law enforcement agencies and cybersecurity experts to investigate the full extent of the breach and identify those responsible.
This attack mirrors similar incidents affecting tax agencies globally. Earlier in 2024, Canada's Revenue Agency (CRA) faced its own major security breach when hackers compromised confidential credentials belonging to H&R Block Canada, one of the country's largest tax preparation firms. The criminals used these stolen credentials to access hundreds of Canadian taxpayers' personal accounts, alter direct deposit information, and submit fraudulent returns that netted over $6 million in bogus refunds.
The CRA incident was particularly brazen, with hackers filing returns using legitimate postal codes but fake addresses, including one on the non-existent "Tomato Street." CBC's investigation revealed that the agency had vastly underreported the scale of cyberattacks to Parliament, raising questions about transparency in government cybersecurity reporting.
These parallel incidents in both the UK and Canada highlight the growing threat that sophisticated phishing attacks pose to government agencies and the sensitive financial data they manage. As digital tax services become increasingly prevalent, ensuring robust cybersecurity measures becomes critical for protecting both public funds and taxpayer information from criminal exploitation.
#Tax Scam #Phishing Attack #Cyber Security #HMRC Breach #Tax Fraud #Digital Safety #WBN News Global #Elke Porter
Connect with Elke at Westcoast German Media or on LinkedIn: Elke Porter or contact her on WhatsApp: +1 604 828 8788
Members Discussion