Five members of a suspected criminal gang allegedly behind the theft of 700 British citizens' identities have been arrested on suspicion of an attempted £500,000 HMRC tax fraud.
A 35-year-old man from Bologna, Italy, has been charged with cheating HMRC and is in custody after his arrest upon landing at Stansted airport on Saturday.
Four others of Nigerian origin were arrested at other airports and have since been released on bail.
Italian state police claim the 35-year-old had applied for £500,000 in rebates, and had collected more than £100,000 after stealing 700 UK citizens' identities.
HMRC is now investigating an apparent cyber attack by a group believed to have obtained the personal details of third-parties in order to set up fake self-assessment accounts with HMRC, to gain tax rebates it was not entitled to.
Ross Parsell, director of cyber security at cyber security solutions firm Thales, said the news demonstrates that the Government must build security into the design of any digital reform initiative where services are migrated online.
He said: "In order for citizens and the government to get the most out of migrating certain interactions online, for instance collecting welfare benefits via Universal Credit, there is an overriding need to provide some form of secure identification credentials. Being able to verify, manage and protect the identity of claimants will be central to the success of the programme.
"MPs are absolutely right to warn that the Universal Credit system presents a serious fraud risk.
"Although the Public Sector Network will provide a secure back-end communications infrastructure, a question mark still remains over whether the government will be able to verify, manage and protect the identity of claimants still under question."
He said the government still lacks a secure system for paying money to people, as happens under the Universal Credit service.
"If a high percentage of transactions are fraudulent, the Government could come under severe pressure," he said.
One solution he suggested was for the Government to 'piggyback' on a bank's identification system using two-factor authentication with chip and pin.