HMRC bosses confirm arrests after discovering cybercriminals used stolen data to fake PAYE refunds worth £47 million in the UK
Politics

HMRC bosses confirm arrests after discovering cybercriminals used stolen data to fake PAYE refunds worth £47 million in the UK

Imagine checking your tax account only to find out that someone else has already claimed your refund—and they’ve never even met you.

That’s the kind of chaos HM Revenue and Customs (HMRC) has been dealing with after discovering one of the biggest tax fraud stings in recent memory.

£47 Million Stolen in PAYE Rebate Scam

According to HMRC, a group of organised criminals managed to siphon off a staggering £47 million by pretending to be legitimate workers—up to 100,000 identities were used in this slick operation.

Some of the accounts involved were completely fake, while others were actual taxpayers’ profiles that had been compromised.

The criminals used stolen personal data to file for bogus tax rebates through HMRC’s PAYE system.

The fraud went undetected for some time, but has since triggered a widespread investigation and a major crackdown.

HMRC’s New Boss Faces the Fallout

Facing questions from MPs, HMRC’s chief executive JP Marks—who’s just a few months into the job—described the financial hit as a “small loss to the taxpayer,” stressing that no individual customers lost money.

The real damage, he said, was to the public purse.

However, it was Marks’ deputy, Angela McDonald, who laid out the jaw-dropping numbers during a hearing with the Treasury Committee.

She explained that cybercriminals had “phished” for personal details through non-HMRC sources, using that information to either take over existing PAYE accounts or create entirely new ones to file fraudulent claims.

Arrests Already Made in International Investigation

The breach actually happened back in December 2024, but has only recently come to light.

Since then, several arrests have been made as part of a wider international investigation into the scam.

In total, McDonald said HMRC had blocked tens of thousands of accounts and managed to prevent £1.9 billion worth of fraud attempts in the last tax year alone.

While £47 million slipped through the cracks, she emphasized that the majority of attempted attacks had been stopped in their tracks.

What This Means for Taxpayers

HMRC has already contacted—or is in the process of contacting—the roughly 100,000 people affected.

The good news? No action is needed on the customer’s part, and no personal financial losses have been reported.

Marks reassured MPs that this was a case of external identity theft rather than a breach of HMRC’s own systems.

In other words, the attackers used information stolen elsewhere to access HMRC services—not because the system was hacked.

HMRC Phone Lines Down Amid Ongoing Pressure

As if things weren’t hectic enough, Marks also confirmed that HMRC’s phone lines had gone down temporarily.

The issue appears to be unrelated to the fraud incident, and the lines are expected to be back up the following morning.

What’s Next?

Expect more arrests and tighter digital security measures from HMRC going forward.

For now, the focus remains on patching vulnerabilities and regaining public trust.

And if you’re a taxpayer, the key takeaway is simple: check your accounts regularly and stay alert for any suspicious activity—even if HMRC says you’re not directly affected.