Latest news with #John-PaulMarks
Yahoo
12-06-2025
- Business
- Yahoo
HMRC boss ‘regrets' frustrations over £49m phishing scam disclosure
HM Revenue and Customs (HMRC) chief executive John-Paul Marks has told MPs that he regrets any frustration over how information about a breach affecting around 100,000 taxpayers was disclosed. The revenue body has faced criticism and questions over why MPs were not informed earlier about the incident. On June 4, it was disclosed that HMRC had lost £47 million after a phishing scam breached tens of thousands of tax accounts. Following updated information published by HMRC on Tuesday, that figure was revised upwards, to £49 million. Senior civil servants at HMRC told the Treasury Committee that 100,000 people had been contacted, or were in the process of being contacted, after their accounts were locked down in what they said was an 'organised crime' incident which started last year. The Treasury Committee, which held a live session on June 4, wrote to Mr Marks earlier this week, telling him that: 'To discover this information during a session from press reports and without adequate time for the committee to review the information in detail is unacceptable.' During a Public Accounts Committee hearing on Thursday, Mr Marks told MPs: 'We welcome your scrutiny.' Mr Marks described the incident as a 'serious, and (an) unacceptable loss of £49 million to the Exchequer, affecting 100,000 of our customers, which is about 0.2% of the PAYE caseload'. He added: 'Given we collect over £840 billion a year, the judgment on materiality is different for HMRC perhaps than other government departments. 'But nonetheless, I agree with the point with regards (to) disclosure, and I will do that in my annual report, which I will publish next month for the first time, so that is, again, properly done according to the rules under public money. 'The final thing really to say, I do regret if there's been any frustration in terms of our handling of this, that was not our intent at all.' He said he would respond to correspondence he had received this week with more detail. Mr Marks continued: 'I welcome your point, with regards (to) the opportunity to have in-private briefings, the level of security threats is significant and constant. 'The team detected and disrupted this one well. There was a criminal investigation. And in (a) private hearing, I'm happy to bring the head of the fraud investigation service, my chief security officer, to explain more about some of that detail but also the threat environment and the way in which we are ensuring HMRC is secure now and secure for the future as well.' Earlier this week, an HMRC spokesperson said: 'We faced a series of evolving and complex criminal attempts to access online tax accounts and our priority has been to protect customers and their accounts. 'Our customers suffered no financial loss as a result. 'Thorough investigation has been necessary to understand the extent of this activity and pursue the criminals responsible. 'We've worked closely with the Information Commissioner's Office throughout to ensure we met our obligations.'
Yahoo
12-06-2025
- Business
- Yahoo
HMRC boss ‘regrets' frustrations over £49m phishing scam disclosure
HM Revenue and Customs (HMRC) chief executive John-Paul Marks has told MPs that he regrets any frustration over how information about a breach affecting around 100,000 taxpayers was disclosed. The revenue body has faced criticism and questions over why MPs were not informed earlier about the incident. On June 4, it was disclosed that HMRC had lost £47 million after a phishing scam breached tens of thousands of tax accounts. Following updated information published by HMRC on Tuesday, that figure was revised upwards, to £49 million. Senior civil servants at HMRC told the Treasury Committee that 100,000 people had been contacted, or were in the process of being contacted, after their accounts were locked down in what they said was an 'organised crime' incident which started last year. The Treasury Committee, which held a live session on June 4, wrote to Mr Marks earlier this week, telling him that: 'To discover this information during a session from press reports and without adequate time for the committee to review the information in detail is unacceptable.' During a Public Accounts Committee hearing on Thursday, Mr Marks told MPs: 'We welcome your scrutiny.' Mr Marks described the incident as a 'serious, and (an) unacceptable loss of £49 million to the Exchequer, affecting 100,000 of our customers, which is about 0.2% of the PAYE caseload'. He added: 'Given we collect over £840 billion a year, the judgment on materiality is different for HMRC perhaps than other government departments. 'But nonetheless, I agree with the point with regards (to) disclosure, and I will do that in my annual report, which I will publish next month for the first time, so that is, again, properly done according to the rules under public money. 'The final thing really to say, I do regret if there's been any frustration in terms of our handling of this, that was not our intent at all.' He said he would respond to correspondence he had received this week with more detail. Mr Marks continued: 'I welcome your point, with regards (to) the opportunity to have in-private briefings, the level of security threats is significant and constant. 'The team detected and disrupted this one well. There was a criminal investigation. And in (a) private hearing, I'm happy to bring the head of the fraud investigation service, my chief security officer, to explain more about some of that detail but also the threat environment and the way in which we are ensuring HMRC is secure now and secure for the future as well.' Earlier this week, an HMRC spokesperson said: 'We faced a series of evolving and complex criminal attempts to access online tax accounts and our priority has been to protect customers and their accounts. 'Our customers suffered no financial loss as a result. 'Thorough investigation has been necessary to understand the extent of this activity and pursue the criminals responsible. 'We've worked closely with the Information Commissioner's Office throughout to ensure we met our obligations.' Sign in to access your portfolio
Western Telegraph
07-06-2025
- Business
- Western Telegraph
HMRC admits £47 million loss in breach of taxpayer accounts
Two senior civil servants at HM Revenue and Customs (HMRC) told the Treasury Committee that 100,000 people have been contacted, or are in the process of being contacted, after their accounts were locked down in what they said was an 'organised crime' incident which began last year. Taxpayers who are being affected will suffer 'no financial loss', according to John-Paul Marks, the chief executive of HMRC, the UK's tax authority. Mr Marks told the Committee: 'It's about 0.2% of the PAYE population, around 100,000 people, who we have written to, are writing to, to notify them that we detected activity on their PAYE account.' Asked if this applied to individual working people's PAYE accounts, not companies, he replied: 'That's right, individuals. To be clear, no financial loss to those individuals. Mr Marks added: 'This was organised crime phishing for identity data outwith of HMRC systems, so stuff that banks and others will also unfortunately experience, and then trying to use that data to create PAYE accounts to pay themselves a repayment and/or access an existing account.' An investigation into the matter, which took place last year 'including jurisdictions outside the UK', led to 'some arrests last year,' Mr Marks told MPs. Angela MacDonald, HMRC's deputy chief executive and second permanent secretary, added: 'At the moment, they've managed to extract repayments to the tune of £47 million. 'Now that is a lot of money, and it's very unacceptable. 'We have overall, in the last tax year, we actually protected £1.9 billion worth of money which sought to be taken from us by attacks.' Get your tax return done early and find out sooner if you're owed money. ⏲️ We'll let you know if you've overpaid tax after you file your Self-Assessment tax return and refund you. 💷 File today. 👇 — HM Revenue & Customs (@HMRCgovuk) June 3, 2025 Ms MacDonald stressed the breach was 'not a cyber attack, we have not been hacked, we have not had data extracted from us'. She later added: 'The ability for somebody to breach your systems and to extract data, to hold you to ransomware and all of those things, that is a cyber attack. That is not what has happened here.' HMRC said it had locked down affected accounts and deleted log-in details to prevent future unauthorised access. Any incorrect information has been removed from tax records and officials have checked to ensure no other details have been changed. People affected will receive a letter from HMRC over the next three weeks. Elsewhere, Mr Marks told MPs that HMRC phone lines were down on Wednesday afternoon, but said this was 'coincidental'. They will be 'back up and available in the morning', he added. Recommended reading: An HMRC spokesperson said: 'We've acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we're working with other law enforcement agencies both in the UK and overseas to bring those responsible to justice. 'This was not a cyber-attack – it involved criminals using personal information from phishing activity or data obtained elsewhere to try to claim money from HMRC. 'We're writing to those customers affected to reassure them we've secured their accounts and that they haven't lost any money.'
North Wales Chronicle
05-06-2025
- Business
- North Wales Chronicle
HMRC admits £47 million loss in breach of taxpayer accounts
Two senior civil servants at HM Revenue and Customs (HMRC) told the Treasury Committee that 100,000 people have been contacted, or are in the process of being contacted, after their accounts were locked down in what they said was an 'organised crime' incident which began last year. Taxpayers who are being affected will suffer 'no financial loss', according to John-Paul Marks, the chief executive of HMRC, the UK's tax authority. Mr Marks told the Committee: 'It's about 0.2% of the PAYE population, around 100,000 people, who we have written to, are writing to, to notify them that we detected activity on their PAYE account.' Asked if this applied to individual working people's PAYE accounts, not companies, he replied: 'That's right, individuals. To be clear, no financial loss to those individuals. Mr Marks added: 'This was organised crime phishing for identity data outwith of HMRC systems, so stuff that banks and others will also unfortunately experience, and then trying to use that data to create PAYE accounts to pay themselves a repayment and/or access an existing account.' An investigation into the matter, which took place last year 'including jurisdictions outside the UK', led to 'some arrests last year,' Mr Marks told MPs. Angela MacDonald, HMRC's deputy chief executive and second permanent secretary, added: 'At the moment, they've managed to extract repayments to the tune of £47 million. 'Now that is a lot of money, and it's very unacceptable. 'We have overall, in the last tax year, we actually protected £1.9 billion worth of money which sought to be taken from us by attacks.' Get your tax return done early and find out sooner if you're owed money. ⏲️ We'll let you know if you've overpaid tax after you file your Self-Assessment tax return and refund you. 💷 File today. 👇 Ms MacDonald stressed the breach was 'not a cyber attack, we have not been hacked, we have not had data extracted from us'. She later added: 'The ability for somebody to breach your systems and to extract data, to hold you to ransomware and all of those things, that is a cyber attack. That is not what has happened here.' HMRC said it had locked down affected accounts and deleted log-in details to prevent future unauthorised access. Any incorrect information has been removed from tax records and officials have checked to ensure no other details have been changed. People affected will receive a letter from HMRC over the next three weeks. Elsewhere, Mr Marks told MPs that HMRC phone lines were down on Wednesday afternoon, but said this was 'coincidental'. They will be 'back up and available in the morning', he added. Recommended reading: An HMRC spokesperson said: 'We've acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we're working with other law enforcement agencies both in the UK and overseas to bring those responsible to justice. 'This was not a cyber-attack – it involved criminals using personal information from phishing activity or data obtained elsewhere to try to claim money from HMRC. 'We're writing to those customers affected to reassure them we've secured their accounts and that they haven't lost any money.'
Glasgow Times
05-06-2025
- Business
- Glasgow Times
HMRC admits £47 million loss in breach of taxpayer accounts
Two senior civil servants at HM Revenue and Customs (HMRC) told the Treasury Committee that 100,000 people have been contacted, or are in the process of being contacted, after their accounts were locked down in what they said was an 'organised crime' incident which began last year. Taxpayers who are being affected will suffer 'no financial loss', according to John-Paul Marks, the chief executive of HMRC, the UK's tax authority. Mr Marks told the Committee: 'It's about 0.2% of the PAYE population, around 100,000 people, who we have written to, are writing to, to notify them that we detected activity on their PAYE account.' Asked if this applied to individual working people's PAYE accounts, not companies, he replied: 'That's right, individuals. To be clear, no financial loss to those individuals. Mr Marks added: 'This was organised crime phishing for identity data outwith of HMRC systems, so stuff that banks and others will also unfortunately experience, and then trying to use that data to create PAYE accounts to pay themselves a repayment and/or access an existing account.' An investigation into the matter, which took place last year 'including jurisdictions outside the UK', led to 'some arrests last year,' Mr Marks told MPs. Angela MacDonald, HMRC's deputy chief executive and second permanent secretary, added: 'At the moment, they've managed to extract repayments to the tune of £47 million. 'Now that is a lot of money, and it's very unacceptable. 'We have overall, in the last tax year, we actually protected £1.9 billion worth of money which sought to be taken from us by attacks.' Get your tax return done early and find out sooner if you're owed money. ⏲️ We'll let you know if you've overpaid tax after you file your Self-Assessment tax return and refund you. 💷 File today. 👇 — HM Revenue & Customs (@HMRCgovuk) June 3, 2025 Ms MacDonald stressed the breach was 'not a cyber attack, we have not been hacked, we have not had data extracted from us'. She later added: 'The ability for somebody to breach your systems and to extract data, to hold you to ransomware and all of those things, that is a cyber attack. That is not what has happened here.' HMRC said it had locked down affected accounts and deleted log-in details to prevent future unauthorised access. Any incorrect information has been removed from tax records and officials have checked to ensure no other details have been changed. People affected will receive a letter from HMRC over the next three weeks. Elsewhere, Mr Marks told MPs that HMRC phone lines were down on Wednesday afternoon, but said this was 'coincidental'. They will be 'back up and available in the morning', he added. Recommended reading: An HMRC spokesperson said: 'We've acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we're working with other law enforcement agencies both in the UK and overseas to bring those responsible to justice. 'This was not a cyber-attack – it involved criminals using personal information from phishing activity or data obtained elsewhere to try to claim money from HMRC. 'We're writing to those customers affected to reassure them we've secured their accounts and that they haven't lost any money.'
