MoD data breach: China suspected of UK armed forces payroll hack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

  • By Henry Zeffman & Gordon Corera
  • BBC News
7 May 2024, 07:43 BST

Updated 9 minutes ago

Image source, Getty Images

The government suspects China was behind the hack of an armed forces payroll system, the BBC understands.

Defence Secretary Grant Shapps will not identify a specific culprit when he addresses MPs today, but is expected to warn of the dangers posed by cyber espionage from hostile states.

The system used by the Ministry of Defence (MoD) includes names and bank details of armed forces personnel.

China said it “opposes all forms of cyber attacks”.

In a very small number of cases, the data may include personal addresses.

The system, holding “personal HMRC-style information” for current and former members of the Royal Navy, Army and Royal Air Force over a period of several years, was managed by an external contractor.

The government became aware of the data breach in recent days, and has not found evidence hackers removed data from the system but is acting as if they did.

Cabinet minister Mel Stride told Sky News the government takes cybersecurity “extremely seriously” and acted “very swiftly”.

Sources have told BBC News the investigation into who was behind the breach, which will be seen as embarrassing for the MoD, is at an early stage.

It can take months, sometimes years, to gather enough evidence to publicly accuse so China is unlikely to be officially named today.

However, that does seem to be where suspicions are pointing towards, especially in light of Beijing’s track record of targeting these kind of data sets.

Service people affected by the hack will receive further information from the government about the breach and will be told any concerns are more about fraud risks rather than personal safety.

In response to the breach, Conservative MPs have raised concerns about the threat from China.

‘Serious questions’

Tobias Ellwood, former chairman of the Commons Defence Committee, told BBC Radio’s 4 Today programme: “Targeting the names of the payroll system and service personnel’s bank details, this does point to China because it can be as part of a plan, a strategy to see who might be coerced.”

Iain Duncan Smith said the government must admit China poses a threat to the UK.

“No more pretence, China is a malign actor, supporting Russia with money and military equipment, working with Iran and North Korea in a new axis of totalitarian states,” he said.

Meanwhile, Labour’s Shadow Defence Secretary John Healey said there were “serious questions” for Mr Shapps and “any such hostile action is utterly unacceptable”.

Asked about the hacking accusations at a press conference, Chinese Ministry of Foreign Affairs spokesperson Lin Jian: “The remarks of these UK politicians are absurd.

“China opposes all forms of cyber attacks, and the use of this issue to smear and vilify other countries.”

Last year, the government published an updated version of its long-term defence strategy which said the use of “commercial spyware, ransomware and offensive cyber capabilities by state and non-state actors has proliferated”.

Public institutions and private firms have also been targeted by hackers demanding ransoms.

The Metropolitan Police said it is not involved in any investigation at this stage.

Are you affected by the issues raised in this story? Share your experiences by emailing [email protected].

Please include a contact number if you are willing to speak to a BBC journalist. You can also get in touch in the following ways:

If you are reading this page and can’t see the form you will need to visit the mobile version of the BBC website to submit your question or comment or you can email us at [email protected]. Please include your name, age and location with any submission.


Click Here For The Original Story From This Source.


National Cyber Security