Tax revenue says arrests were made over the 2024 incident.
Attackers hit HMRC and stole around £47 million from 100,000 online accounts.
According to BBC News, the attackers posed as taxpayers and using phishing attacks to gain customer details and attempting to claim rebates. HMRC confirmed that there has already been a criminal investigation with arrests made last year.
Angela MacDonald, HMRC's deputy chief executive, told MPs at an Treasury Select Committee on Wednesday that a "lot of money" was taken and "it's very unacceptable".
HMRC's permanent secretary and chief executive John-Paul Marks told the committee "a lot of work [was] then done to intercept this incident. We identified and locked down the compromised accounts."
Mike Britton, CIO at Abnormal AI, said governments will always be popular targets for attackers as they often work with a range of third-party contractors and public projects.
“Due to vast transparency and disclosure requirements, details on these third parties, as well as staff, operations and procedures, are publicly available,” he said. “This makes it a lot easier for cyber-criminals to exploit information and craft more targeted emails.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
