The Ministry of Defence has suffered a significant data breach, with personal information of UK military personnel hacked. The attack targeted a third-party payroll system used by the MoD, which includes names and bank details of current and former armed forces members. A very small number of addresses may also have been accessed.
The department took immediate action, taking the external network offline. Initial investigations found no evidence that data had been removed. Defence Secretary Grant Shapps is expected to address MPs in the Commons on Tuesday afternoon, blaming hostile and malign actors but not naming the country behind the hacking.
Affected service personnel will be alerted as a precaution and provided with specialist advice. They will be able to use a personal data protection service to check whether their information is being used. All salaries were paid at the last payday, with no issues expected at the next one at the end of this month, although there may be a slight delay in the payment of expenses in a small number of cases.
Shadow Defence Secretary John Healey said: “So many serious questions for the defence secretary on this, especially from forces personnel whose details were targeted.” The MoD first discovered the attack several days ago and has been working to understand its scale and impact.
This breach comes after the UK and US accused China of a global campaign of malicious cyber-attacks in March. Britain blamed Beijing for targeting the Electoral Commission and MPs' emails. In response, sanctions were placed on a front company and two individuals linked to the APT31 hacking group. Some MPs have urged the government to label China a threat to national security.
