Important Update on HMRC Online Account Security

In recent days, HM Revenue & Customs (HMRC) has alerted the public to incidents of unauthorised access to certain online tax accounts. We believe it is vital to share a clear summary of the issue and outline the steps you can take to protect yourself.

What Happened?

HMRC’s security systems recently detected attempts by fraudsters to access online tax accounts. This unauthorized activity was not an attempt to steal funds directly from you but was instead aimed at fraudulently claiming tax repayments from HMRC. The department has confirmed that:

  • Affected Account Protections: HMRC has locked down compromised accounts by deleting the login credentials (Government Gateway user ID and passwords) and removing any incorrect data from the associated tax records. 
  • Notification Process: Affected individuals are being contacted by HMRC through letters, which will be sent between 4 June 2025 and 25 June 2025. The communication provides guidance on how to regain access to the affected accounts securely. 
  • Ongoing Efforts: Although early media reports have highlighted the incident—including coverage on reputable sites such as the BBC—the government page on unauthorised access clarifies that there is no direct risk of financial loss for the affected individuals[HMRC guidance, BBC News

What Does This Mean for You?

If you have an active HMRC online account, here is what you need to know:

  • No Immediate Action Required: If you have not yet received a letter from HMRC confirming that your account has been touched by this incident, it is unlikely that your account has been affected. 
  • Stay Informed: HMRC encourages customers to check their recent account activity. By signing into your HMRC online services account, you can review your sign-in history and verify that no suspicious access events have occurred.
  • Potential for Future Communication: Even if your account is secure, remain alert to any correspondence claiming to be from HMRC. Official letters will include clear instructions and will always come from verified HMRC contact details.

Recommended Actions for Enhanced Security

Even when there is no evidence of direct financial loss, taking proactive steps to secure your online accounts is always a good idea. We recommend the following:

1. Review Your Account Activity:

  • Log into your HMRC online account.
  • Check the sign-in history via the profile or account settings.
  • Report any unfamiliar activity immediately through HMRC’s official channels.

2. Change Your Password:

  • If you notice any irregular activity or if you have any doubts about your account security, update your password promptly.
  • Use a strong, unique password that is not used on any other site.

3. Enable Multi-Factor Authentication (MFA):

  • Where available, activate MFA for an extra layer of security. This reduces the risk of unauthorised access even if your password is compromised.

4. Verify Any Communication:

  • Be vigilant with emails, texts, or phone calls that claim to be from HMRC. Check the list of genuine HMRC contacts available on their website.
  • If in doubt, contact HMRC through the official fraud prevention email at FraudPreventionCentre@hmrc.gov.uk.

5. Maintain Good Cyber Hygiene:

  • Regularly update your passwords not only for HMRC but across all sensitive online services.
  • Remain cautious about unsolicited communications and avoid clicking on questionable links.

How We Can Help

At Burgis & Bullock, we are committed to supporting you in all matters relating to your financial and tax affairs. If you have any concerns about your HMRC account, or if you would like further guidance on strengthening your cybersecurity practices, please do not hesitate to reach out.

Staying informed and vigilant is the best defence against sophisticated phishing scams and fraudulent activities. We will continue to monitor updates from HMRC and other official sources, ensuring that you receive timely advice.

Additional Resources

  • HMRC Guidance: For more detailed official advice, review the HMRC guidance on unauthorised access.
  • Media Coverage: Stay updated by reading reputable news sources such as the BBC news article which provide context on the situation.
  • Cybersecurity Tips: We periodically publish tips and best practices for protecting your digital identity—be sure to check out our blog for further insights.

We encourage all our clients and contacts to take these recommendations seriously. While HMRC has taken swift action to thwart further fraud, your active participation in monitoring your accounts is crucial.

Remember, if you detect something that doesn’t seem right, act quickly and contact the relevant support teams. Your security is our priority.

If you have any questions or need personalized advice, please contact us at 0345 177 5500. We’re here to help ensure that your financial affairs remain secure and well-managed.

Stay safe and secure!

*This blog post is intended for informational purposes only and does not constitute legal or financial advice. *

Scroll to Top
✨Are you a sole trader or landlord with a total income over £30,000?

next free event - 16.10.25

From April 2026, Making Tax Digital for Income Tax Self Assessment (MTD for ITSA) will change the way sole traders and landlords report their income to HMRC. Whether you’re a seasoned business owner or just starting out, this event is your opportunity to get ahead of the curve.

Get Tickets