HMRC are sending letters to approximately 100,000 taxpayers between 4 and 25 June who have been affected by a recent security attack, in which criminals used details they obtained from non-HMRC sources to impersonate individual taxpayers and access their online tax accounts.
If you do not receive a letter, you are not likely to be impacted. If you do receive a letter and have any doubt about this (or any other) HMRC letter, you can check a list of genuine contacts on GOV.U
HMRC have confirmed that no individual will experience a financial loss as a result of the attack. There is also no action required by impacted individuals as HMRC have secured the affected accounts.
Due to the actions taken to secure the affected accounts, if you receive a letter and want to access your online account, you should follow the steps in the letter you to set up an account for HMRC online services and create a new Government Gateway user ID and password.
If you have any concerns, you can email HMRC’s fraud team at FraudPreventionCentre@hmrc.gov.uk or call HMRC on their online services helpdesk on 0300 200 3600 (Monday to Friday, 8am to 6pm) and select the option for ‘unauthorised access of HMRC online accounts’.
You can use the .gov website for information on checking if a letter you’ve received from HMRC is genuine: https://www.gov.uk/guidance/check-if-a-letter-youve-received-from-hmrc-is-genuine
You can find more information on the letters sent by HMRC on the LITRG website here: https://www.litrg.org.uk/news/security-attack-hmrc-online-accounts-find-out-more
