British Military Personnel Data Hacked

The British Ministry of Defence (MoD) has detected a significant data breach in which the personal information of UK  military personnel has been exposed. Government sources are accusing Chinese hackers of responsibility. 

MoD officials say the names and bank details of thousands of serving British soldiers, sailors and air force members have been exposed in a data breach at a payroll system.

Defence Secretary Grant Shapps is due to update MPs about the hack in the Commons on 7th May and he is expected to set out a "multi-point plan" in response, which will include action to protect affected service men and women.

The hack targeted a third party payroll system used by the Ministry of Defence, which includes names and bank details of both current and some past armed forces members and in a number of cases, the data may include personal addresses that was was managed by the external contractor.

In comment, Graeme Stewart, Head of UK Public Sector at Check Point Software said “It is a double-edged sword; businesses rely on a network of partners to deliver best-in-class services, but by integrating with multiple third parties, the threat surface is expanded.... With the supply chain being a popular vector that cyber criminals are willing to exploit, organisations need to conduct the necessary due diligence to ensure its technology partners are compliant with cybersecurity standards. Businesses must avoid a situation where corporate resources are easily accessible and implement network segmentation and least privilege access to reduce exposure and ensure that external contacts are limited to only where is necessary”.

The hacked payroll data relates to current and former members of the Royal Navy, Army and Royal Air Force over several years. No operational MoD data has been stolen and the MoD has taken immediate action and the system has been taken off-line, while investigations are under way.

The MoD is in the process of sending information and advice to those affected, including making veterans' organisations aware of what has happened.

While it has not been disclosed who is behind this hack, it comes amid increased warnings about cyber security threats facing the UK from hostile states and third parties. Recently, the British government published accusations about China being behind a hack in August 2021 that targeting the details of millions of voters held by the Electoral Commission. 

Ian Thornton-Trump who is the CISO at Cyjax, argues that the attack on the payroll system could reveal more than a list of names. “Any report and damage assessment into the hack will be highly classified, so we’re unlikely to find out just how much information the hackers have managed to extract. But as well as being incredibly embarrassing, this could be more than a list of names and how much they are paid. Analysis of the data could reveal military staff with special payroll or military services codes, indicating connections to branches of service or specialised forces - potentially increasing the risk to them.”

In December 2023, the National Cyber Security Centre accused Russian intelligence for a "malicious cyber activity attempting to interfere in UK politics and democratic processes". Public institutions and private firms have also been targeted by hackers demanding ransoms. 

Gov.UK   |   BBC   |   Guardian   |   Reuters   |   NDTV   |    Gigazine   |   TechTimes   |   Cyjax 

Image: Ideogram

You Might Also Read: 

British Parliament Debates Chinese Cyber Attacks:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Three Steps To Secure Your Organisation Against Cyber Attacks
The US Has A New Global Cyber Security Strategy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

Snow Software

Snow Software

Snow Software is changing the way organizations think about their technology investments, empowering IT and business leaders to drive transformation with precision and agility.

Anomali

Anomali

Anomali delivers intelligence-driven cybersecurity solutions to enhance threat visibility, automate threat processing and detection, and accelerate threat investigation, response, and remediation.

Zertificon Solutions

Zertificon Solutions

Zertificon is a leader in professional email encryption and data security.

Raytheon Technologies

Raytheon Technologies

Raytheon Intelligence & Space delivers solutions that protect every side of cyber for government agencies, businesses and nations.

Center for Applied Cybersecurity Research (CACR) - University of Indiana

Center for Applied Cybersecurity Research (CACR) - University of Indiana

CACR serves Indiana and the nation by tackling cyber risk in research and other unusual environments through agile, holistic, principle-based cybersecurity.

Statice

Statice

Statice develops state-of-the-art data privacy technology that helps companies double-down on data-driven innovation while safeguarding the privacy of individuals.

Rocheston

Rocheston

Rocheston is an innovation company with cutting-edge research and development in emerging technologies such as Cybersecurity, Internet of Things, Big Data and automation.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

Censys

Censys

Our customers rely on Censys data to get the global visibility they need of their attack surfaces in order to proactively prevent nation-state attacks and emerging threats.

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance is a global, non-profit industry association which is working to enable a secure connected future.

Apono

Apono

Apono enables DevOps and security teams to manage access to sensitive cloud assets and data repositories in a frictionless and compliant way.

Josef Ressel Centre for Intelligent & Secure Industrial Automation

Josef Ressel Centre for Intelligent & Secure Industrial Automation

The Josef Ressel Centre for Intelligent and Secure Industrial Automation investigates the fundamentals of digital assistants for industrial machines that enable intelligent and secure operation.

GoodAccess

GoodAccess

GoodAccess is the cybersecurity platform that gives your business the security benefits of zero trust without the complexities so your users can securely access digital resources anytime, anywhere.

Mitigo Group

Mitigo Group

Mitigo offers a well considered and effective approach to keeping businesses completely secure from any digital attacks.

MyTurn Career LLC

MyTurn Career LLC

Looking for a rewarding career in cybersecurity? Explore a wide range of cybersecurity jobs and opportunities in this rapidly evolving field.