UK's tax agency HRMC has seen steady increase of cyberattacks amid COVID-19

October 5, 2020

Her Majesty's Revenue and Customs (HMRC) in the U.K. has been hit with 521,582 malicious email attacks over the last three months, according to official figures. The HRMC oversees tax affairs for millions of people in the U.K.

The data, which was obtained by the Parliament Street think tank cyber security research team using the Freedom of Information (FOI) Act, showed an average of over 5,000 spam, phishing and malware attacks. These attacks were recorded by HRMC over the a three month period between June and September, 2020.

Spam and junk made up the largest proportion of attacks - contributing to 377,820 of the total 521,582 recorded by HMRC. Whereas, phishing, made up 128,255 of the overall number of attacks, and the remaining 15,507 attacks were said to contain malware.

The data also revealed that there has been a steady increase in monthly attacks aimed at HMRC, since June 13^th during the COVID-19 lockdown period. Figures rose from 115,585 in June, to 153,992 in July, and 175,227 attacks in August.

Figures for September showed 76,778 attacks in the first 10 days alone, leading Parliament Street researchers to reasonably assume that this quantity could have tripled to a staggering 230,000 malicious email attacks in total by the month end.

The types of attack were broken down into three main categories: malware/antivirus, phishing and spam/junk.

“Organizations like HMRC, which oversee the tax affairs of millions of people, are a top target for malicious hackers who will stop at nothing to steal confidential data. These figures illustrate the huge volume of malicious phishing emails targeted at HMRC employees on a daily basis and serve as a reminder to other government organizations to keep email security and cyber awareness front of mind in an increasingly dangerous online world," said Cyber expert Chris Ross, SVP International, Barracuda Networks. "All it takes is a single rogue email to reach the inbox of an unsuspecting staffer undetected and criminals could easily get hold of critical personal data, passwords or log-in credentials. Such a scenario could cause serious problems, both in terms of data protection and disruption to critical public services."

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

UK's tax agency HRMC has seen steady increase of cyberattacks amid COVID-19

Related Articles

Related Events

Report Abusive Comment