The government has come under fire after it emerged ministers have known for months about the flaw used for £30m of fraudulent online tax credit claims.
HM Revenue and Customs (HMRC) was warned about the flaw more than six months ago but only closed the tax credit portal down last week after it discovered criminals had used the identities of 1,500 civil servants at the Department of Work and Pensions (DWP) to make fraudulent claims.
The tax credit Web site handles around half a million transactions a year and the fraudsters were able to change claim details and redirect the money into their own bank accounts by getting hold of a genuine claimant's name, date of birth and national insurance number.
The latest fraud involving innocent staff at the DWP only came to light during compliance checks by HMRC, and MPs have been told the tax credit Web site has been hit by over £30m of fraudulent claims.
The police have now been called in and a spokesman for HMRC declined to comment further while the criminal investigation is ongoing — but said the tax credit Web site will remain down until the review of its security is completed. Liberal Democrat Work and Pensions secretary David Laws slammed the government and said ministers must make a statement as to why they took so long to take action to stop the fraud.
He said: "This complicated and chaotic system is wide open to fraud. Ministers have known for some time that organised criminals were using the Internet to defraud the system."
The debacle is yet another embarrassment for the government's flagship tax credits programme, which has suffered from problems since it was launched in 2003. Much of that has been down to an IT system described as a "nightmare" by MPs. EDS was last month forced to shell out £71m to HMRC to settle the dispute over problems with the tax credits IT system.