HM Revenue and Customs (HMRC) chief executive John-Paul Marks has told MPs that he regrets any frustration over how information about a breach affecting around 100,000 taxpayers was disclosed.
The revenue body has faced criticism and questions over why MPs were not informed earlier about the incident.
On June 4, it was disclosed that HMRC had lost £47 million after a phishing scam breached tens of thousands of tax accounts.
Following updated information published by HMRC on Tuesday, that figure was revised upwards, to £49 million.
Senior civil servants at HMRC told the Treasury Committee that 100,000 people had been contacted, or were in the process of being contacted, after their accounts were locked down in what they said was an “organised crime” incident which started last year.
The Treasury Committee, which held a live session on June 4, wrote to Mr Marks earlier this week, telling him that: “To discover this information during a session from press reports and without adequate time for the committee to review the information in detail is unacceptable.”
During a Public Accounts Committee hearing on Thursday, Mr Marks told MPs: “We welcome your scrutiny.”
Mr Marks described the incident as a “serious, and (an) unacceptable loss of £49 million to the Exchequer, affecting 100,000 of our customers, which is about 0.2% of the PAYE caseload”.
He added: “Given we collect over £840 billion a year, the judgment on materiality is different for HMRC perhaps than other government departments.
“But nonetheless, I agree with the point with regards (to) disclosure, and I will do that in my annual report, which I will publish next month for the first time, so that is, again, properly done according to the rules under public money.
“The final thing really to say, I do regret if there’s been any frustration in terms of our handling of this, that was not our intent at all.”
He said he would respond to correspondence he had received this week with more detail.
Mr Marks continued: “I welcome your point, with regards (to) the opportunity to have in-private briefings, the level of security threats is significant and constant.
“The team detected and disrupted this one well. There was a criminal investigation. And in (a) private hearing, I’m happy to bring the head of the fraud investigation service, my chief security officer, to explain more about some of that detail but also the threat environment and the way in which we are ensuring HMRC is secure now and secure for the future as well.”
Earlier this week, an HMRC spokesperson said: “We faced a series of evolving and complex criminal attempts to access online tax accounts and our priority has been to protect customers and their accounts.
“Our customers suffered no financial loss as a result.
“Thorough investigation has been necessary to understand the extent of this activity and pursue the criminals responsible.
“We’ve worked closely with the Information Commissioner’s Office throughout to ensure we met our obligations.”
