Question to the HM Treasury:

To ask the Chancellor of the Exchequer, whether HM Revenue and Customs has conducted a recent assessment of vulnerabilities in the Government Gateway system relating to unauthorised changes to personal account details.

This question was answered on 12th March 2026
HM Revenue and Customs keeps the security of the Government Gateway under continual review.

As part of its standard cyber security and risk management processes, HMRC regularly undertakes security risk assessments, vulnerability management activity and testing to identify and mitigate potential threats, including risks associated with unauthorised changes to customer account details. These activities are complemented by fraud prevention controls, monitoring and investigation arrangements designed to detect and respond to suspicious or potentially fraudulent account activity. Where issues are identified, they are prioritised and addressed in line with HMRC’s security governance and incident management arrangements.

For security reasons, HMRC does not comment publicly on the detail or outcomes of specific security assessments.