Latest news with #JohnPaulMarks
Yahoo
a day ago
- Business
- Yahoo
HMRC set to close Bradford office in 2027 - with staff offered jobs in Leeds
POLITICIANS have expressed "deep disappointment" and called for a "serious rethink" after HM Revenue and Customs (HMRC) confirmed it was pushing ahead with plans to close its office in Bradford - with staff set to be offered jobs in Leeds. Back in 2015, HMRC announced its Centenary Court site would shut in 2020-21 - but then a U-turn was made, with officials saying the base would close in 2027. The Telegraph & Argus has now learned HMRC plans to go ahead and shut its Bradford office in January 2027. Approximately 1,100 people work there. The news was revealed this week to Bradford East Labour MP Imran Hussain in a letter from HMRC chief executive John-Paul Marks, who said: "Colleagues currently based in Bradford will be offered a job in Leeds regional centre and we expect the vast majority of colleagues to continue their career with HMRC." He added: "In addition to financial savings, HMRC's locations strategy is enabling HMRC to operate from a cost-effective estate to better meet the needs of the public." A spokesperson for HMRC added: "We're moving staff to our modern regional centre in Leeds, in line with previously announced plans, so they can work in an environment that enables them to better meet the needs of the public. "It will also save taxpayers' money. "We remain committed to the region, with all 1,100 roles remaining in West Yorkshire." It is understood workers at Bradford's HMRC site were notified of the news on Wednesday. 'We need a serious rethink' Mr Hussain told the T&A: "Bradford is one of the UK's largest cities and should not be treated as a secondary location within West Yorkshire. "Assuming that staff can simply relocate to Leeds ignores the very real challenges many - especially long-serving, highly-skilled employees - will face. "While HMRC has indicated that jobs will remain in the region via relocation to Leeds, this plan misses the opportunity to invest in Bradford's potential and disregards the significant public investment already committed to regenerating the city. Imran Hussain, Bradford East Labour MP (Image: Parliament) "This decision risks draining talent from HMRC, damaging local employment, and undermining confidence in the public sector's commitment to Bradford. "We need a serious rethink - one that puts Bradford's people and future first. "While I understand that the decision to close the Bradford office was made under the previous Government, it doesn't align with the Government's 'opportunities for all' agenda. "Bradford is precisely the kind of city that 'opportunities for all' was meant to support - and withdrawing a major public sector employer undermines that objective." Mr Hussain has now written to James Murray, Exchequer Secretary to the Treasury, to express his "deep concern" - criticising the move as "disappointing and highly disruptive". He said he wanted to "make a last plea to pause the decision and to reconsider this approach". "I hope you can engage meaningfully with local stakeholders to explore alternative options that would retain HMRC's presence in Bradford," he added. "I would be happy to meet with you to discuss the Government's wider plans on locating Government offices in Bradford." 'Bradford has a lot to offer' Councillor Susan Hinchcliffe, leader of Bradford Council, told the T&A she had also written to the minister - saying the Bradford district has "a lot to offer". She said: "We campaigned against the last Government's decision to take good, valuable jobs out of the district and consolidate HMRC staff into fewer offices elsewhere. Councillor Susan Hinchcliffe, leader of Bradford Council (Image: Newsquest) "But the last Government still said no. "So it's very disappointing to see HMRC finally close their doors and go. "Many private sector organisations and businesses have chosen to locate in Bradford district and there's no reason why we, as one of the biggest cities in the country, can't host other Government initiatives, programmes or departments. "Given the strongly stated intention from this new Government to put more in the regions outside London, I've written to the minister requesting a discussion on which opportunities might be available for Bradford in the future. "We have a lot to offer."
The Independent
12-06-2025
- Business
- The Independent
HMRC boss ‘regrets' frustrations over £49m phishing scam disclosure
HM Revenue and Customs (HMRC) chief executive John-Paul Marks has told MPs that he regrets any frustration over how information about a breach affecting around 100,000 taxpayers was disclosed. The revenue body has faced criticism and questions over why MPs were not informed earlier about the incident. On June 4, it was disclosed that HMRC had lost £47 million after a phishing scam breached tens of thousands of tax accounts. Following updated information published by HMRC on Tuesday, that figure was revised upwards, to £49 million. Senior civil servants at HMRC told the Treasury Committee that 100,000 people had been contacted, or were in the process of being contacted, after their accounts were locked down in what they said was an 'organised crime' incident which started last year. The Treasury Committee, which held a live session on June 4, wrote to Mr Marks earlier this week, telling him that: 'To discover this information during a session from press reports and without adequate time for the committee to review the information in detail is unacceptable.' During a Public Accounts Committee hearing on Thursday, Mr Marks told MPs: 'We welcome your scrutiny.' Mr Marks described the incident as a 'serious, and (an) unacceptable loss of £49 million to the Exchequer, affecting 100,000 of our customers, which is about 0.2% of the PAYE caseload'. He added: 'Given we collect over £840 billion a year, the judgment on materiality is different for HMRC perhaps than other government departments. 'But nonetheless, I agree with the point with regards (to) disclosure, and I will do that in my annual report, which I will publish next month for the first time, so that is, again, properly done according to the rules under public money. 'The final thing really to say, I do regret if there's been any frustration in terms of our handling of this, that was not our intent at all.' He said he would respond to correspondence he had received this week with more detail. Mr Marks continued: 'I welcome your point, with regards (to) the opportunity to have in-private briefings, the level of security threats is significant and constant. 'The team detected and disrupted this one well. There was a criminal investigation. And in (a) private hearing, I'm happy to bring the head of the fraud investigation service, my chief security officer, to explain more about some of that detail but also the threat environment and the way in which we are ensuring HMRC is secure now and secure for the future as well.' Earlier this week, an HMRC spokesperson said: 'We faced a series of evolving and complex criminal attempts to access online tax accounts and our priority has been to protect customers and their accounts. 'Our customers suffered no financial loss as a result. 'Thorough investigation has been necessary to understand the extent of this activity and pursue the criminals responsible. 'We've worked closely with the Information Commissioner's Office throughout to ensure we met our obligations.'
Telegraph
10-06-2025
- Business
- Telegraph
HMRC reprimanded for not revealing phishing attack earlier
HMRC has been reprimanded for not telling MPs for a year about a phishing attack that cost it up to £49 million. The chairman of the Commons Treasury select committee said it was 'unacceptable' that MPs had not been told of the breach until a year after it had happened. The records of up to 100,000 taxpayers were accessed by organised criminals following the attack. Officials only admitted to the breach on the day of a Treasury committee hearing last week, when details were published on a page. On Tuesday, Dame Meg Hillier wrote to John-Paul Marks, the HMRC chief executive, demanding answers and clarifications to more than a dozen questions – including why HMRC had not informed Parliament beforehand about the attacks and whether the tax authority expected to recover any of the missing taxpayers' money. HMRC previously said around £47 million had been lost, but in response to Dame Meg's letter on Tuesday, it revised this total to £49 million. She also asked when ministers and the HMRC board were first made aware of the attack. In a strongly worded four-page letter, the senior Labour MP wrote: 'I am alarmed that it was never deemed necessary to inform Parliament about an issue which affected such a vast number of taxpayers and led to the loss of £47 million of public money. 'To discover this information during a session from press reports and without adequate time for the committee to review the information in detail is unacceptable.' Dame Meg has also asked Mr Marks how 'confident' HMRC is that it has identified all customer accounts targeted affected, whether there have been any convictions and prosecutions in relation to the incident and what the 'implications' are for HMRC's Making Tax Digital programme, which has seen the tax authority push millions of workers to file their tax returns online. The attack came to light on the same day that HMRC's phone lines were hit by a system outage, which meant only those using the specific phone number in the letters to phishing victims were able to call the organisation. Mr Marks told the committee that he believed the phone outage was 'not connected' to the attack and that some arrests had been made last year. In a letter provided in response to Dame Meg's correspondence, Mr Marks offered a 'private briefing' with the committee to 'explore the issue further'. Advising Dame Meg of the new higher total loss, he said: 'Regarding losses to the Exchequer, I would like to correct the oral evidence, as the estimated PAYE revenue losses are £49 million, not £47 million as we stated during the hearing. 'The normal route for notifying losses to Parliament is through the annual report and accounts where HMRC includes individual incidents exceeding £10 million in the trust statement and exceeding £300,000 in the resource accounts in line with managing public money requirements.' Concluding his letter, Mr Marks said: 'I welcome the committee's interest in matters related to security and would like to be clear this is the very highest priority for HMRC. 'We take the security of our customers' data extremely seriously and HMRC will continue to enhance our security measures and capabilities to tackle the continuous, evolving security challenges faced by all large institutions.' Meanwhile, the Association of Chartered Certified Accountants has written to the Treasury committee chairman claiming that it had not received any information from HMRC about the breaches until the issue was raised at the meeting. Glenn Collins, head of technical and strategic engagement at the accountancy trade body, also included survey results which showed just 1 per cent of its members felt HMRC's service levels impacted their organisation and clients' 'productivity and efficiency' positively. Mr Collins wrote: 'We have highlighted to HMRC our frustration that HMRC has not been transparent or timely in its communication over this important issue. 'This disappointing failure to communicate in a timely manner is unfortunately representative of the poor levels of customer service received by agents and taxpayers.' The Telegraph understands that criminals used a variety of methods to obtain login details for taxpayers – including phishing scams and obtaining data stolen from previous leaks. Criminals then posed as legitimate taxpayers to apply for money such as taxpayer rebates Officials told the Treasury committee last Tuesday that the incident was 'not a cyber attack' but instead took the form of multiple phishing attacks 'designed to extract money' from the tax authority, carried out by several organised crime gangs over an extended period last year. Addressing Mr Marks directly at the time, Dame Meg said: 'I think it's perhaps a responsibility that you report to us in the House in parliamentary terms, that we would expect to get information about this and not have it emerge because of an announcement while you're in the committee room – it hasn't been mentioned until we picked up the news story.' A HMRC spokesman said: 'We faced a series of evolving and complex criminal attempts to access online tax accounts and our priority has been to protect customers and their accounts. Our customers suffered no financial loss as a result. 'Thorough investigation has been necessary to understand the extent of this activity and pursue the criminals responsible. 'We've worked closely with the Information Commissioner's Office throughout to ensure we met our obligations.'
Epoch Times
06-06-2025
- Business
- Epoch Times
HMRC Loses £47 Million in Phishing Attack on 100,000 Taxpayer Accounts
HMRC has lost £47 million after a phishing scam hit 100,000 pay-as-you-earn (PAYE) tax accounts in an organised crime incident which began last year. The UK's tax authority sought to assure taxpayers in their Following the exposure of the breach, HMRC said it has taken action to protect those accounts by locking them down, deleting login credentials to prevent further unauthorised access, and removing any incorrect information from tax records. The authority said that the attack affected 0.22 percent of the PAYE population. An HMRC spokesperson told The Epoch Times on Thursday: 'We've acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we're working with other law enforcement agencies both in the UK and overseas to bring those responsible to justice. 'This was not a cyberattack—it involved criminals using personal information from phishing activity or data obtained elsewhere to try to claim money from HMRC. Related Stories 5/21/2025 5/9/2025 'We're writing to those customers affected to reassure them we've secured their accounts and that they haven't lost any money.' HMRC added that while it is not in a position to give further details for operational reasons, they confirmed that arrests have been made. Information 'Not Taken From HMRC' 'Phishing' is when cyber criminals use scam emails, text messages, or phone calls which appear to be from trusted organisations to trick victims into taking a specific action, such as clicking on a link taking them to a website containing malware, or handing over personal information. According to the The revelations were made public on Wednesday via the HMRC website, at the same time senior figures from the tax agency were giving evidence to the Treasury Committee. John Paul Marks, the chief executive of HMRC, told MPs that criminals had used personal data they had obtained through phishing to masquerade as legitimate customers 'to create PAYE accounts to pay themselves a repayment and/or access an existing account.' Angela MacDonald, HMRC's deputy chief executive and second permanent secretary, further clarified that information had been taken from other environments and that 'it had not been taken from HMRC.' File photo of a woman using a laptop as she holds a bank card, dated March 30, 2020. Tim Goode/PA Wire MacDonald told the committee: 'Lots of people who would just 'Pay As You Earn' haven't got an online account because they have no reason to go in to one. So for many instances, the customers were not realising that somebody else was in their account.' However, she added that there were instances of live accounts 'where the criminals had managed to get their details and were logging in as the customer.' Asked to confirm how much money was taken, MacDonald replied: 'They have managed to extract free payments to the tune of £47 million. That is a lot of money, and it's very unacceptable. We have in the last tax year protected £1.9 billion worth of money which sought to be taken from us by attacks.' 'Social Engineering Attack' HMRC officials reiterated during the committee meeting that what occurred was not a cyberattack, with MacDonald saying: 'We have not been hacked. We have not had data extracted from us.' Penetration tester Shaun Webber, who simulates cyberattacks to identify vulnerabilities in systems, told The Epoch Times that generally phishing is classed as a 'social engineering attack,' because it relies on attacking the person rather than a system. 'However, there is overlap, because during phishing, someone might be delivering a payload which would exploit a particular vulnerability,' he said. 'It's definitely one of the most effective ways of getting that initial access,' the cybersecurity professional said, and went on to explain how phishing might be used to penetrate a business. 'Companies spend a lot of time and effort securing their external, internet-facing presence, so there's often no real way of gaining access to the network from an external perspective' because it is 'segmented away from the internal network.' He said that when a criminal sends an employee a phishing email, that employee is already in the internal network, giving the criminal an effective way of getting an initial foothold into a company's internal network. Webber said: 'This is why we have things like zero trust architecture, where even if someone does get into the internal network, it's not just wide open. You still have to reauthenticate for each service you access.' 'For example, if you're suddenly logging in from a different IP address than what you normally log in from, the account would automatically be asked for additional authentication, or be blocked,' the cybersecurity professional said. UK's Cybersecurity Resilience The phishing attack on HMRC comes at a time of broader scrutiny over the cybersecurity resilience of British institutions and businesses. In May, a That same month, the head of the NCSC also
The Independent
05-06-2025
- The Independent
‘Unacceptable' amount stolen in HMRC phishing attack
A phishing scam has cost HM Revenue and Customs (HMRC) £47 million after the personal tax accounts of tens of thousands of people were breached. HMRC Chief Executive John-Paul Marks stated that about 100,000 taxpayers have been, or will be, contacted after their accounts were locked down, and those affected will suffer "no financial loss." The breach involved organised crime phishing for identity data to create PAYE accounts and claim repayments, but HMRC Deputy Chief Executive Angela MacDonald clarified it was not a cyber attack, but it was 'unacceptable'. An investigation into the matter led to arrests last year, and HMRC has protected £1.9 billion worth of money from similar attacks in the last tax year. HMRC has locked down affected accounts, removed incorrect information, and will send letters to those affected over the next three weeks to reassure them that their accounts are secure and they have not lost any money.
