A security breach at an outside contractor inadvertently allowed Chinese hackers to access the payroll data of virtually all members of Britain’s armed forces — an estimated 270,000 people. File Photo by Keizo Mori/UPI | License Photo
A security breach at an outside contractor inadvertently allowed hackers to access the payroll data of virtually all members of Britain’s armed forces — an estimated 270,000 people.
The compromised data affecting serving and former service personnel of the British Army, Royal Navy and Royal Air Force, as well as reservists, included names and bank details and, in several thousand instances, addresses and national insurance numbers, government sources said. Advertisement
Special forces such as the SAS and SBS were not affected.
The affected system has been taken offline pending an investigation into the “very recent” incident and it remained unclear whether information was stolen or tampered with during the time hackers had access, said to be as long as several weeks.
Free checks with credit reference agencies are expected to be provided to service personnel to enable them to keep an eye out for unauthorized use of their financial information.
Parliament is awaiting a briefing from Defense Secretary Grant Shapps on the incident later Tuesday in which he will detail a “multi-point plan” by the Ministry of Defense to deal with the problem and protect service men and women, though he is not expected to explicitly attribute blame for the hack. Advertisement
However, media outlets, including Sky News are reporting that China is the state involved.
“So many serious questions for the defense secretary on this, especially from Forces personnel whose details were targeted,” said opposition Labor’s shadow defense secretary John Healey.
“Any such hostile action is utterly unacceptable.”
Conservative MP and former soldier Iain Duncan Smith, one of five British lawmakers sanctioned by China, said the incident showed the risk China presented was fundamental.
“This is yet another example of why the U.K. government must admit that China poses a systemic threat to the UK and change the integrated review to reflect that.”
The Chinese embassy in London on Tuesday denied any involvement.
“The so-called cyber-attacks by China against the U.K. are completely fabricated and malicious slanders. We strongly oppose such accusations,” it said in a statement.
“China does not encourage, support or condone cyber-attacks. At the same time, we oppose the politicization of cybersecurity issues and the baseless denigration of other countries without factual evidence.
“China has neither the interest nor the need to meddle in the internal affairs of the U.K. We urge the relevant parties in the U.K. to stop spreading false information, stop fabricating so-called China threat narratives, and stop their anti-China political farce.” Advertisement
However, the MoD hack follows a number of data breaches all linked to Beijing including the August 2021 hack of the Electoral Commission in which alleged Chinese actors accessed details of 40 million voters and hacked into its email and control systems.
In March, Deputy Prime Minister Oliver Dowden imposed sanctions on China telling MPs that the Chinese government was behind the alleged accessing of voters’ personal details and cyberattacks on lawmakers critical of China.
The electoral commission breach, allegedly carried out by China-based APT 31 hacking group, went undetected for two years.