HMRC has reported that its security systems detected unauthorised access to some taxpayers’ online accounts. Criminals attempted to claim repayments from HMRC using these accounts. Around 100,000 people have been affected, and HMRC has lost £47 million. Guidance is available for those impacted.
Background
This incident, described as an organised crime operation, began in 2024. Criminals accessed the online tax accounts of around 100,000 individuals—mainly those under the Pay As You Earn (PAYE) system—and claimed £47 million in fraudulent repayments.
HMRC confirmed to the Treasury Committee that this was not a cyber-attack. Their systems were not hacked, and no data was stolen directly from HMRC. Instead, criminals used personal information—likely from phishing scams or other sources—to gain access. In many cases, they created new log-in details because the affected individuals did not have an active digital tax account.
There have been arrests linked to the case. HMRC stressed that no taxpayer will be left out of pocket and has published information on what actions they’ve taken and how affected users can regain access.
What HMRC Has Done
For any accounts that were accessed without permission, HMRC has taken steps to secure them by:
- Locking the accounts.
- Deleting log-in credentials (Government Gateway user ID and password).
- Removing any incorrect details from tax records.
- Verifying that no other account information was altered.
Affected taxpayers don’t need to take any action right now. HMRC is sending letters between 4 and 25 June 2025 to those whose accounts were compromised. The letters explain how to securely access your account again.
If you don’t receive a letter, your account likely wasn’t affected.
How to Check for Unauthorised Activity
To review your recent account activity:
- Sign in to HMRC online services.
- Go to the ‘account menu’ and select ‘profile and settings.
- Select ‘sign-in details and then ‘change’.
- In the security console, view your sign-in history and report any suspicious activity.
If you’re using the HMRC App:
- Go to ‘manage your sign-in details’ and log in with your Government Gateway credentials.
For Agents
This update follows reports from tax agents whose HMRC agent accounts were suspended without warning. HMRC explained in recent Agent Updates (March, April, and May 2025) that agent accounts are frequent targets for fraud, as they provide access to many clients’ records.
If HMRC suspects an agent’s account has been compromised, they may suspend it immediately to block further unauthorised access.
What to Do If You’re Affected
If you believe someone has accessed your account without your permission:
- Change your account password immediately.
- Contact HMRC at FraudPreventionCentre@hmrc.gov.uk.
