The agency revealed on Wednesday that organized criminals stole £47 million in last year's phishing attack, targeting online accounts of about 100,000 British taxpayers.
The notice posted on the Inland Revenue Agency website said the attack was an "attempt to claim funds from the HMRC" and involved "unauthorized access to certain customers' online accounts."
HMRC deputy chief executive Angela MacDonald said the criminals had tried to "put on makeup" taxpayers and withdraw £47 million from public wallets.
The disclosure appeared with new HMRC CEO MacDonald and John-Paul Marks, providing evidence of the agency’s work and customer service performance to the Commons House of Scive of Commons Theresury Theresury Select, which has recently come under fire.
Members of Congress criticized the HMRC for not revealing the attack earlier, and Chairman Meg Hillier said the committee “expects to get information about this – no information about the matter will appear due to your announcement when you were in the committee room.”
HMRC said it has "locked the affected accounts" and "deleted any incorrect information from the tax records".
Marks, who has held a position since April, said the incident occurred in December and affected the accounts of about 100,000 paid taxpayers.
He said the affected taxpayers need not take any action and the situation is under control.
"This affects 0.2% of the Ped population of about 100,000 people we write and write to," Max said.
"This is an organized crime phishing targeting identity data from the HMRC system," he said, adding that criminals are trying to use identity data from the HMRC system to create a PAYE account to pay for repayment or access to existing accounts.
Marks added that the HMRC's Fraud Investigation Bureau detected the attack and conducted a criminal investigation, with several arrests last year.
MacDonald, who began his role in August 2020, admitted that £47 million is "a lot of money, which is very unacceptable". She added that HMRC “in general, in the last tax year, actually protected £1.9 billion worth of funds in an attempt to take it from us by attacks”.
MacDonald said cleaning up accounts and ensuring that HMRC “talks to real customers, not to criminals” was a “challenge” and took “for a while.”
Additionally, several HMRC phone lines fell on Wednesday due to system disruption. Officials say the power outage has nothing to do with the phishing attack.
Last year, the National Audit Office, a public spending regulator, said HMRC’s customer service “a spiral decline”. It warns that the driving force of layoffs and cost-cutting has led to worse call handling performance by encouraging taxpayers to manage their affairs online.
In his speech by the MP, the tag sets four key priorities for his leadership: closing the tax gap, adding an additional £7.5 billion per year, improving customer service, modernizing the HMRC system, including “improving our cyber resilience”, and increasing trust and engagement.
"Ultimately, we want to be a trusted tax institution in the modern era. We know that trust is the basis of good compliance, willingness to give and confidence," he added.