Pierluigi Paganini May 08, 2024

The UK Ministry of Defense disclosed a data breach at a third-party payroll system that exposed data of armed forces personnel and veterans.

The UK Ministry of Defense disclosed a data breach impacting a third-party payroll system that exposed data of approximately 272,000 armed forces personnel and veterans.

The Ministry of Defence revealed that a malign actor gained access to part of the Armed Forces payment network, which is an external system completely separate to MOD’s core network.

Defence Secretary Grant Shapps told House of Commons that the impacted system is not connected to the main military HR system.

The UK Ministry of Defense is reviewing the operations of the impacted contractor and announced that appropriate measures will be taken.

The compromised information includes the personal data of regular and reserve personnel and some recently retired veterans. The malicious actor gained access to names and bank details, and, in a smaller number of cases, addresses of the impacted personnel.

The UK government did not publicly attribute the attack, however, the BBC reported that UK ministers suspected China was responsible

“Grant Shapps told MPs the government had reason to believe the hack “was the suspected work of a malign actor” – and the BBC understands that ministers suspect China was responsible.” states the BBC.

Mr. Shapps publicly criticized the contractor, stating there was “evidence of failings” in the management of the breached system.

“For reasons of national security, we can’t release further details of the suspected cyber activity behind this incident,” Mr. Shapps added.

China denied any involvement in the attack and labeled the accusation as a “fabricated and malicious slander”.

“We urge the relevant parties in the UK to stop spreading false information, stop fabricating so-called China threat narratives, and stop their anti-China political farce,” a spokesman for the Chinese embassy in the UK said.

Labour’s shadow defence secretary John Healey speculated that the external contractor operating the breached system was Shared Services Connected Ltd (SSCL).

SSCL is a joint venture between the British government and a private tech firm, it provides services to the Home Office, Cabinet Office and Ministry of Justice.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, UK Ministry of Defense)