British Military Personnel Data Hacked
The British Ministry of Defence (MoD) has detected a significant data breach in which the personal information of UK military personnel has been exposed. Government sources are accusing Chinese hackers of responsibility.
MoD officials say the names and bank details of thousands of serving British soldiers, sailors and air force members have been exposed in a data breach at a payroll system.
Defence Secretary Grant Shapps is due to update MPs about the hack in the Commons on 7th May and he is expected to set out a "multi-point plan" in response, which will include action to protect affected service men and women.
The hack targeted a third party payroll system used by the Ministry of Defence, which includes names and bank details of both current and some past armed forces members and in a number of cases, the data may include personal addresses that was was managed by the external contractor.
In comment, Graeme Stewart, Head of UK Public Sector at Check Point Software said “It is a double-edged sword; businesses rely on a network of partners to deliver best-in-class services, but by integrating with multiple third parties, the threat surface is expanded.... With the supply chain being a popular vector that cyber criminals are willing to exploit, organisations need to conduct the necessary due diligence to ensure its technology partners are compliant with cybersecurity standards. Businesses must avoid a situation where corporate resources are easily accessible and implement network segmentation and least privilege access to reduce exposure and ensure that external contacts are limited to only where is necessary”.
The hacked payroll data relates to current and former members of the Royal Navy, Army and Royal Air Force over several years. No operational MoD data has been stolen and the MoD has taken immediate action and the system has been taken off-line, while investigations are under way.
The MoD is in the process of sending information and advice to those affected, including making veterans' organisations aware of what has happened.
While it has not been disclosed who is behind this hack, it comes amid increased warnings about cyber security threats facing the UK from hostile states and third parties. Recently, the British government published accusations about China being behind a hack in August 2021 that targeting the details of millions of voters held by the Electoral Commission.
Ian Thornton-Trump who is the CISO at Cyjax, argues that the attack on the payroll system could reveal more than a list of names. “Any report and damage assessment into the hack will be highly classified, so we’re unlikely to find out just how much information the hackers have managed to extract. But as well as being incredibly embarrassing, this could be more than a list of names and how much they are paid. Analysis of the data could reveal military staff with special payroll or military services codes, indicating connections to branches of service or specialised forces - potentially increasing the risk to them.”
In December 2023, the National Cyber Security Centre accused Russian intelligence for a "malicious cyber activity attempting to interfere in UK politics and democratic processes". Public institutions and private firms have also been targeted by hackers demanding ransoms.
Gov.UK | BBC | Guardian | Reuters | NDTV | Gigazine | TechTimes | Cyjax
Image: Ideogram
You Might Also Read:
British Parliament Debates Chinese Cyber Attacks:
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible