Organized crime has extracted £47 million from the UK government in a phishing operation. The operation involved mimicking taxpayer credentials and claiming payments from HMRC. No data from taxpayers was taken, but the incident has affected 100,000 Pay-As-You-Earn (PAYE) accounts. Authorities have begun a criminal investigation, and arrests have been made. The £47 million was taken through three separate payments, and HMRC was able to protect £1.9 million that was sought by the entities behind the operation.
TPRM report: https://scoringcyber.rankiteo.com/company/hmrc
"id": "hmr745060625",
"linkid": "hmrc",
"type": "Breach",
"date": "6/2025",
"severity": "50",
"impact": "",
"explanation": "Attack limited on finance or reputation: Loss of bank statements, self-assessment details, and other people's National Insurance numbers"{'affected_entities': [{'customers_affected': '100,000',
'industry': 'Public Sector',
'location': 'UK',
'name': 'HMRC',
'type': 'Government'}],
'attack_vector': 'Phishing',
'date_detected': '2024',
'date_publicly_disclosed': '2025',
'description': 'Organized crime extracted £47 million from the UK government '
'in a phishing operation by mimicking taxpayer credentials and '
'claiming payments from HMRC.',
'impact': {'financial_loss': '£47 million',
'systems_affected': ['Pay-As-You-Earn (PAYE) accounts']},
'investigation_status': 'Ongoing',
'motivation': 'Financial Gain',
'references': [{'date_accessed': '2025', 'source': 'Bloomberg L.P.'}],
'response': {'communication_strategy': ['Contacting affected customers'],
'containment_measures': ['Shut down fake accounts',
'Removed false information'],
'law_enforcement_notified': True},
'threat_actor': 'Organized Crime',
'title': 'UK Government Phishing Operation',
'type': 'Phishing Operation'}