The Ministry of Defense has suffered a major data breach and the personal information of UK military personnel has been hacked.
The target of the attack was a third-party payroll system used by the Ministry of Defence, which includes names and bank details of current and former members of the armed forces. A very small number of addresses may also have been accessed.
The department took immediate action and disconnected the external network, operated by a contractor.
Initial investigations have found no evidence of data being deleted, according to the BBC and Sky, who first reported the story. The Guardian understands the matter will be raised with MPs in the House of Commons on Tuesday and Grant Shapps, the defense secretary, is expected to make a statement in the afternoon.
Ministers will blame hostile and evil actors, but will not name the country behind the hack.
Affected service personnel will be alerted as a precaution and will receive specialist advice. They may use a personal data protection service to check whether their information is being used or attempted to be used.
All salaries were paid on the last pay day, with no problems expected on the next one at the end of this month, although there may be a slight delay in the payment of expenses in a small number of cases.
Shadow Defense Secretary John Healey said: “There are so many serious questions for the Defense Secretary about this, especially from forces personnel whose details were attacked.
“Any such hostile action is absolutely unacceptable.”
The Ministry of Defense first discovered the attack several days ago and has since been working to understand its scale and impact. In March, the United Kingdom and the United States accused China of a global campaign of “malicious” cyberattacks, in an unprecedented joint operation to reveal Beijing’s spying.
Britain blamed Beijing for attacking the Electoral Commission watchdog in 2021 and for being behind an online “recognition” campaign targeting the email accounts of MPs and peers.
In response to the Beijing-linked hacks of the Election Commission and 43 people, a front company, Wuhan Xiaoruizhi Science and Technology Company, and two people linked to the hacking group APT31 were sanctioned.
But some of the MPs targeted by the Chinese state said the response did not go far enough and urged the government to toughen its stance towards China, labeling it a “threat” to national security rather than an “epoch-defining challenge.” ”.
Former Conservative leader Iain Duncan Smith echoed those calls, telling Sky News: “This is yet another example of why the UK government must admit that China poses a systemic threat to the UK and change the integrated review to reflect that.
“No more pretensions. He is an evil actor supporting Russia with money and military equipment, working with Iran and North Korea in a new axis of totalitarian states.”
The Guardian has contacted the Ministry of Defense for comment.
