News Hub

UK Ministry of Defence experiences cyberattack affecting 270,000 payroll records

Written by Wed 8 May 2024

The UK Ministry of Defence has experienced a cyberattack leading to a breach of personal information belonging to UK military personnel.

The Guardian reported 270,000 payroll records from Britain’s armed forces were allegedly accessed by Chinese hackers. Beijing denied any involvement, dismissing the claim as a political smear.

The BBC reported the leaked data, stored on a third-party payroll system, included details like names and bank details of current and past members of the armed forces, part-time reservists, at least one MP, and veterans who left after January 2018. A small amount of addresses could also have been accessed.  It is not known what the data is intended to be used for.

The Special Forces remain unaffected by the breach due to their use of a separate, highly secure system. However, uncertainty persists regarding whether members of the Intelligence Corps, a part of the army, are among those whose personal details might have been compromised.

The Ministry of Defence hacking operation is suspected to have persisted for around three weeks but was only uncovered last week when investigators began monitoring a series of abnormal activities.

“I do want to reassure people that the Ministry of Defence has already taken the action of removing the network offline and making sure that people affected are supported in the right way,” said Prime Minister Rishi Sunak.

Affected service personnel will receive alerts as a precautionary measure and will be offered specialist advice. They will also have access to a personal data protection service to monitor any unauthorised attempts to use their information.

All salaries were successfully issued during the last payday, and no issues are anticipated for the upcoming one at the end of this month. However, there might be a slight delay in the reimbursement of expenses in a few cases.

Defence Secretary, Grant Shapps, revealed the leaked data was managed by a private contractor, Shared Services Connected (SSCL). 

Contractor Under Security Review

Downing Street office said the company contracted to manage the database was under security review and that appropriate steps would be taken.

According to the SSCL’s website, alongside the Ministry of Defence, the company’s clients include the Department for Work & Pension, the UK Military and Veterans, the Metropolitan Police, the Ministry of Justice, and the Cabinet Office.

“We have launched a full investigation, drawing on Cabinet Office support and specialist external expertise to examine the potential failings of the contractor and to minimise the risk of similar incidents in the future,” said Shapps

Martin Greenfield, CEO of cybersecurity consultancy, Quod Orbis, said with over half of all organisations having experienced some form of cyber security breach or attack in the last year, there is a challenge faced by UK organisations in securing systems.

“The challenge is exacerbated by the presence of silos in cybersecurity monitoring, which can lead to gaps in threat detection and response. When different departments or systems operate in isolation, it becomes more difficult to identify and mitigate potential vulnerabilities, leaving organisations more susceptible to attacks,” added Greenfield.

Greenfield said as investigations into this breach unfold, it will become clear that the UK’s cybersecurity posture needs to evolve to meet the growing threat landscape. 

Jake Moore, Global Cybersecurity Advisor at software company, ESET, agreed with this sentiment. Moore said ‘protecting the digital landscape is just as critical as safeguarding the physical realm’.

“Many businesses in the Government’s supply chains will handle extremely sensitive data but it is imperative that they are checked not only in terms of vetting but in terms of continual security protocols as well. When dealing with this level of sensitive information which could potentially cause a huge knock-on effect, it is vital that they are protected to the highest possible standard,” said Moore.

UK Battles with Cyberthreats

Last year, a severe data leak struck the Police Service of Northern Ireland (PSNI), rendering every active officer and staff member ‘incredibly vulnerable’.

The leak was caused by human error after a spreadsheet containing highly sensitive information was published in response to a Freedom of Information (FOI) request on Tuesday.

In August last year, Scotland Yard said it had been made aware of ‘unauthorised access to the IT system of one of its suppliers’, but it was unclear when the breach occurred or how many personnel might have been affected.

The supplier in question had access to names, ranks, photos, vetting levels and pay numbers for officers and staff, but did not hold personal information such as addresses, phone numbers, or financial details.

A separate incident in August was discovered when Norfolk and Suffolk police forces confirmed a data breach affecting 1,230 people, including victims of crime, witnesses, and suspects.

The data was mistakenly included in Freedom of Information (FOI) responses due to a ‘technical issue’. The forces said in a statement that the data was hidden from anyone opening the files, but should not have been included.

The data included personal identifiable information on victims, witnesses and suspects, as well as descriptions of offences, including sexual and domestic assaults.

Join Tech Show London

12-13 March 2025, ExCeL London

Be a part of the latest tech conversations and discover pioneering innovations.

You won’t want to miss one of the most exciting technology events of the year.

Written by Wed 8 May 2024

Send us a correction Send us a news tip