Tax credit fiasco: 8,800 identities stolen

The government has admitted losing £2.7m to fraudulent claims through a hole in the tax credits system as details emerge of further employee identity theft.

Her Majesty's Revenue and Customs (HMRC) was forced to close down the tax credits website at the start of December last year, after a spate of fraudulent claims came to light which exploited the stolen identities of Department for Work and Pensions staff.

The Treasury did not respond to silicon.com's requests for comment about the tax fraud but in a statement to parliament yesterday, paymaster general Dawn Primarolo revealed more details of the fraud.

Primarolo said: "It is now established that some 8,800 staff identities may have been stolen in 2003-04 and that of these, 6,800 have been used in an attempt to defraud the tax credits system in Autumn 2005.

"Of the 6,800 fraudulent claims, around 4,100 were fully intercepted by HMRC before any payment, so that no payment was made.

"Of the remaining 2,700 claims where tax credit payments were made into multiple bank accounts using the stolen identities, payments were suspended immediately they were discovered, and all payments were suspended by 16 December 2005."

Primarolo divulged the information after it was also revealed that 4,000 Network Rail employees had their personal details stolen and bank accounts set up under false pretences.

The tax credit website, which is now shut down, handles around half a million transactions per year. Fraudsters changed claim details and redirected money into their own bank accounts by getting hold of a genuine claimant's name, date of birth and national insurance number.

Chancellor of the Exchequer Gordon Brown said in his pre-budget report at the end of 2005 that new anti-fraud measures would include HMRC doubling the checks it carries out on new claims for tax credits before payments are made.

The government said it had reported the information to the National Criminal Intelligence Service, which will form part of the Serious Organised Crime Agency later this year.

According to the government, HMRC detected the fraud and informed Network Rail.

A statement from HMRC said: "It is nonsense to say that the tax credits system is to blame in this case when it was HMRC who were first to identify the Network Rail fraud, to inform Network Rail that their employee identities had been stolen, and close the fraud down."

Network Rail failed to respond to a request for comment.

Brian Contos of security firm ArcSight said: "This incident has been described as one of Britain's biggest benefit frauds - with one in seven staff at Network Rail falling victim to this identity theft.

"These attacks may be able to target a victim from both within and from outside an organisation in tandem yielding the most possible havoc."