British Military Personnel Data Hacked

Uploaded on 2024-05-07 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW, TECHNOLOGY--Hackers

The British Ministry of Defence (MoD) has detected a significant data breach in which the personal information of UK  military personnel has been exposed. Government sources are accusing Chinese hackers of responsibility. 

MoD officials say the names and bank details of thousands of serving British soldiers, sailors and air force members have been exposed in a data breach at a payroll system.

Defence Secretary Grant Shapps is due to update MPs about the hack in the Commons on 7th May and he is expected to set out a "multi-point plan" in response, which will include action to protect affected service men and women.

The hack targeted a third party payroll system used by the Ministry of Defence, which includes names and bank details of both current and some past armed forces members and in a number of cases, the data may include personal addresses that was was managed by the external contractor.

In comment, Graeme Stewart, Head of UK Public Sector at Check Point Software said “It is a double-edged sword; businesses rely on a network of partners to deliver best-in-class services, but by integrating with multiple third parties, the threat surface is expanded.... With the supply chain being a popular vector that cyber criminals are willing to exploit, organisations need to conduct the necessary due diligence to ensure its technology partners are compliant with cybersecurity standards. Businesses must avoid a situation where corporate resources are easily accessible and implement network segmentation and least privilege access to reduce exposure and ensure that external contacts are limited to only where is necessary”.

The hacked payroll data relates to current and former members of the Royal Navy, Army and Royal Air Force over several years. No operational MoD data has been stolen and the MoD has taken immediate action and the system has been taken off-line, while investigations are under way.

The MoD is in the process of sending information and advice to those affected, including making veterans' organisations aware of what has happened.

While it has not been disclosed who is behind this hack, it comes amid increased warnings about cyber security threats facing the UK from hostile states and third parties. Recently, the British government published accusations about China being behind a hack in August 2021 that targeting the details of millions of voters held by the Electoral Commission. 

Ian Thornton-Trump who is the CISO at Cyjax, argues that the attack on the payroll system could reveal more than a list of names. “Any report and damage assessment into the hack will be highly classified, so we’re unlikely to find out just how much information the hackers have managed to extract. But as well as being incredibly embarrassing, this could be more than a list of names and how much they are paid. Analysis of the data could reveal military staff with special payroll or military services codes, indicating connections to branches of service or specialised forces - potentially increasing the risk to them.”

In December 2023, the National Cyber Security Centre accused Russian intelligence for a "malicious cyber activity attempting to interfere in UK politics and democratic processes". Public institutions and private firms have also been targeted by hackers demanding ransoms. 

Gov.UK   |   BBC   |   Guardian   |   Reuters   |   NDTV   |    Gigazine   |   TechTimes   |   Cyjax 

Image: Ideogram

You Might Also Read: 

British Parliament Debates Chinese Cyber Attacks:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Three Steps To Secure Your Organisation Against Cyber Attacks
The US Has A New Global Cyber Security Strategy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

National Institute of Standards & Technology (NIST)

National Institute of Standards & Technology (NIST)

NIST is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Areas covered include IT and cybersecurity.

National Cyber Security Directorate (DNSC) - Romania

National Cyber Security Directorate (DNSC) - Romania

DNSC (formerly CERT-RO) is the Romanian national cyber security and incident response team.

Pindrop Security

Pindrop Security

Pindrop solutions are leading the way to the future of voice by establishing the standard for security, identity, and trust for every voice interaction.

Yelbridges

Yelbridges

Yelbridges is your reliable partner in all fields of IT-Security, from developing of Security Policies and Guidelines to the design and implementation of secure processes.

Cloud Managed Networks

Cloud Managed Networks

Cloud Managed Networks provides enterprise grade IT network solutions for cloud-based and on premise network security, Wi-Fi, data switching, collaboration, device management and more.

Ashley Page

Ashley Page

Ashley Page offer a unique cyber insurance and risk management solution - Cyber+Insure.

Digital Fingerprints

Digital Fingerprints

Digital Fingerprints provides continuous authentication with behavioural biometrics. Protection against account takeover and session takeover. Compliant with GDPR and PSD2.

Vantea SMART

Vantea SMART

Vantea SMART have decades of experience in cybersecurity resulting in an approach of proactive prevention - Security by Design and by Default.

Dataprise

Dataprise

Dataprise is a leading IT managed services provider offering IT Management and Help Desk Support Services, Cloud Services, Information Security Solution, IT Strategy and Consulting.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

Traced

Traced

TRACED is changing the detection paradigm. Empowering defenders to go on the offense to engage cyber attackers before they compromise your organization.

Vaultinum

Vaultinum

Vaultinum are a trusted independent third party specialized in the protection and audit of digital assets.

EtherAuthority

EtherAuthority

EtherAuthority's engineering team has been helping blockchain businesses to secure their smart contract based assets since 2018.

Maltego Technologies

Maltego Technologies

Maltego is a comprehensive tool for graphical link analyses that offers real-time data mining and information gathering. Applications include cybersecurity threat intelligence and incident response.

Cognna

Cognna

Cognna's innovative platform is designed to empower you and your team, providing the tools you need to detect, prevent, and resolve threats with ease.