Skip to main contentSkip to navigationSkip to navigation
The Ministry of Defence building in Whitehall
The third-party payroll system used by the MoD has been taken offline. Photograph: Toby Melville/PA
The third-party payroll system used by the MoD has been taken offline. Photograph: Toby Melville/PA

UK armed forces’ personal data hacked in MoD breach

This article is more than 5 months old

Defence secretary to address MPs after names and bank details of armed forces members targeted by unnamed attacker

The Ministry of Defence has suffered a significant data breach and the personal information of UK military personnel has been hacked.

A third-party payroll system used by the MoD, which includes names and bank details of current and past members of the armed forces, was targeted in the attack. A very small number of addresses may also have been accessed.

The department took immediate action and took the external network, operated by a contractor, offline.

Initial investigations found no evidence that data had been removed, according to the BBC and Sky, who first reported the story. The Guardian understands MPs will be addressed on the matter in the Commons on Tuesday, with Grant Shapps, the defence secretary, expected to make a statement in the afternoon.

Ministers will blame hostile and malign actors, but will not name the country behind the hacking.

Affected service personnel will be alerted as a precaution and provided with specialist advice. They will be able to use a personal data protection service to check whether their information is being used or an attempt is being made to use it.

All salaries were paid at the last payday, with no issues expected at the next one at the end of this month, although there may be a slight delay in the payment of expenses in a small number of cases.

The shadow defence secretary, John Healey, said: “So many serious questions for the defence secretary on this, especially from forces personnel whose details were targeted.

“Any such hostile action is utterly unacceptable.”

The MoD first discovered the attack several days ago and has since been working to understand its scale and impact. In March the UK and the US accused China of a global campaign of “malicious” cyber-attacks, in an unprecedented joint operation to reveal Beijing’s espionage.

Britain blamed Beijing for targeting the Electoral Commission watchdog in 2021 and for being behind a campaign of online “reconnaissance” aimed at the email accounts of MPs and peers.

In response to the Beijing-linked hacks on the Electoral Commission and 43 individuals, a front company, Wuhan Xiaoruizhi Science and Technology Company, and two people linked to the APT31 hacking group were placed under sanctions.

But some of the MPs targeted by the Chinese state said the response did not go far enough, urging the government to toughen its stance on China by labelling it a “threat” to national security rather than an “epoch-defining challenge”.

The Conservative former leader Iain Duncan Smith repeated those calls, telling Sky News: “This is yet another example of why the UK government must admit that China poses a systemic threat to the UK and change the integrated review to reflect that.

“No more pretence. It is a malign actor, supporting Russia with money and military equipment, working with Iran and North Korea in a new axis of totalitarian states.”

In a statement on Tuesday morning, the MoD said: “The defence secretary will make a planned statement to the House of Commons this afternoon setting out the multi-point plan to support and protect personnel.”

A spokesperson for the Chinese foreign ministry said Beijing opposed and fought all forms of cyber-attack and it rejected using the issue for political ends to smear other countries.

More on this story

More on this story

  • Users of ‘throuples’ dating app Feeld may have had intimate photos accessed

  • Hackers steal customer data from Europe’s largest parking app operator

  • Greater Manchester police officers’ data hacked in cyber-attack

  • Met police on high alert after supplier IT security breach

  • PSNI data breach: 200 officers and staff not informed about theft for month

  • PSNI and UK voter breaches show data security should be taken more seriously

  • Northern Ireland police chief urged to consider position over data breach

  • Northern Ireland police data breach is second in weeks, force reveals

  • UK data watchdog to scale back fines for public bodies

  • Brexit data firm broke Canadian privacy laws, watchdog finds

Most viewed

Most viewed

  翻译: