The British Ministry of Defense faces a cyber attack that affects 270,000 payroll records

The UK Ministry of Defense has suffered a cyber attack that has led to a breach of personal information of British military personnel.

The guard reported that Chinese hackers allegedly gained access to 270,000 British Armed Forces payroll records. Beijing denied any involvement and dismissed the claim as a political smear.

The BBC reported the leaked data, stored on a third-party payroll system, including details such as names and bank details of current and former members of the armed forces, part-time reservists, at least one MP and veterans who left after January 2018. Access could also have been gained to a small number of addresses. It is not known what the data is for.

The Special Forces remain unaffected by the breach because they use a separate, highly secure system. However, uncertainty remains over whether members of the Intelligence Corps, a branch of the military, are among those whose personal information may have been compromised.

The Defense Department hacking operation is believed to have lasted about three weeks, but was only discovered last week when investigators began monitoring a series of anomalous activities.

“I would like to reassure people that the Ministry of Defense has already taken action to take the network offline and ensure those affected are properly supported,” said Prime Minister Rishi Sunak.

Affected service personnel will receive precautionary warnings and specialist advice. They will also have access to a personal data protection service to monitor unauthorized attempts to use their information.

All salaries have been successfully issued during the last payday and no problems are expected for the upcoming payday at the end of this month. However, in some cases there may be some delay in the reimbursement of costs.

Defense Secretary Grant Shapps revealed that the leaked data was managed by a private contractor, Shared Services Connected (SSCL).

Contractor under safety assessment

The Downing Street office said the company commissioned to manage the database was under security investigation and that appropriate action would be taken.

According to the SSCL website, in addition to the Ministry of Defence, the company’s clients include the Department for Work & Pension, the British Armed Forces and veterans, the Metropolitan Police, the Ministry of Justice and the Cabinet Office.

“We have launched a full investigation, using Cabinet support and specialist external expertise, to investigate the contractor’s potential failings and minimize the risk of similar incidents in the future,” Shapps said.

Martin Greenfield, CEO of cybersecurity consultancy Quod Orbis, said more than half of all organizations have this experienced any form of cyber security breach or attack in the past year, there is a challenge for UK organizations in securing systems.

“The challenge is further compounded by the presence of silos in cybersecurity monitoring, which can lead to gaps in threat detection and response. When different departments or systems operate in isolation, it becomes more difficult to identify and mitigate potential vulnerabilities, making organizations more vulnerable to attack,” Greenfield said.

Greenfield said As the investigation into this breach unfolds, it will become clear that Britain’s cyber security posture must evolve to meet the growing threat landscape.

Jake Moore, Global Cybersecurity Advisor at software company ESET, agreed with this sentiment. Moore said that “protecting the digital landscape is just as important as protecting the physical domain.”

“Many companies in government supply chains will handle highly sensitive data, but it is imperative that it is monitored not only in terms of vetting, but also in terms of ongoing security protocols. When dealing with this level of sensitive information, which could potentially have a huge knock-on effect, it is vital that it is protected to the highest possible standard,” said Moore.

UK battles with cyber threats

Last year there was a serious data breach affected the Police Service of Northern Ireland (PSNI), leaving every active officer and staff member ‘incredibly vulnerable’.

The breach was caused by human error after a spreadsheet containing highly sensitive information was published on Tuesday in response to a Freedom of Information (FOI) request.

In August last year, Scotland Yard said it had been notified of ‘unauthorized access to the IT system of one of its suppliers’, but it was unclear when the breach occurred or how many staff may have been affected.

The supplier in question had access to names, ranks, photographs, levels of control and pay numbers of officers and staff, but had no personal information such as addresses, telephone numbers or financial data.

There was a separate incident in August discovers when Norfolk and Suffolk Police confirmed a data breach involving 1,230 people, including crime victims, witnesses and suspects.

The data was incorrectly included in Freedom of Information (FOI) responses due to a ‘technical issue’. The armed forces said in a statement that the data was hidden from anyone who opened the files but should not have been included.

The data includes personally identifiable information about victims, witnesses and suspects, as well as descriptions of crimes, including sexual assault and domestic violence.

Join the latest technology conversations and discover groundbreaking innovations.

You don’t want to miss one of the most exciting technology events of the year.