British Military Personnel Data Hacked

Uploaded on 2024-05-07 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW, TECHNOLOGY--Hackers

The British Ministry of Defence (MoD) has detected a significant data breach in which the personal information of UK  military personnel has been exposed. Government sources are accusing Chinese hackers of responsibility. 

MoD officials say the names and bank details of thousands of serving British soldiers, sailors and air force members have been exposed in a data breach at a payroll system.

Defence Secretary Grant Shapps is due to update MPs about the hack in the Commons on 7th May and he is expected to set out a "multi-point plan" in response, which will include action to protect affected service men and women.

The hack targeted a third party payroll system used by the Ministry of Defence, which includes names and bank details of both current and some past armed forces members and in a number of cases, the data may include personal addresses that was was managed by the external contractor.

In comment, Graeme Stewart, Head of UK Public Sector at Check Point Software said “It is a double-edged sword; businesses rely on a network of partners to deliver best-in-class services, but by integrating with multiple third parties, the threat surface is expanded.... With the supply chain being a popular vector that cyber criminals are willing to exploit, organisations need to conduct the necessary due diligence to ensure its technology partners are compliant with cybersecurity standards. Businesses must avoid a situation where corporate resources are easily accessible and implement network segmentation and least privilege access to reduce exposure and ensure that external contacts are limited to only where is necessary”.

The hacked payroll data relates to current and former members of the Royal Navy, Army and Royal Air Force over several years. No operational MoD data has been stolen and the MoD has taken immediate action and the system has been taken off-line, while investigations are under way.

The MoD is in the process of sending information and advice to those affected, including making veterans' organisations aware of what has happened.

While it has not been disclosed who is behind this hack, it comes amid increased warnings about cyber security threats facing the UK from hostile states and third parties. Recently, the British government published accusations about China being behind a hack in August 2021 that targeting the details of millions of voters held by the Electoral Commission. 

Ian Thornton-Trump who is the CISO at Cyjax, argues that the attack on the payroll system could reveal more than a list of names. “Any report and damage assessment into the hack will be highly classified, so we’re unlikely to find out just how much information the hackers have managed to extract. But as well as being incredibly embarrassing, this could be more than a list of names and how much they are paid. Analysis of the data could reveal military staff with special payroll or military services codes, indicating connections to branches of service or specialised forces - potentially increasing the risk to them.”

In December 2023, the National Cyber Security Centre accused Russian intelligence for a "malicious cyber activity attempting to interfere in UK politics and democratic processes". Public institutions and private firms have also been targeted by hackers demanding ransoms. 

Gov.UK   |   BBC   |   Guardian   |   Reuters   |   NDTV   |    Gigazine   |   TechTimes   |   Cyjax 

Image: Ideogram

You Might Also Read: 

British Parliament Debates Chinese Cyber Attacks:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Three Steps To Secure Your Organisation Against Cyber Attacks
The US Has A New Global Cyber Security Strategy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

FIDO Alliance

FIDO Alliance

FIDO Alliance is a non-profit organization formed to address the lack of interoperability among strong authentication devices.

SafenSoft (SnS)

SafenSoft (SnS)

SafenSoft delivers high-efficiency, low-impact proactive protection against malware, insider threats, and confidential data leakage.

Cyber London (CyLon)

Cyber London (CyLon)

CyLon is a leading cyber security accelerator and seed investment programme. We help entrepreneurs from across the globe to build cyber security businesses, raise investment, and develop partnerships.

Logsign

Logsign

Logsign is a Security Orchestration, Automation and Response (SOAR) platform with next-gen Security Information and Event Management (SIEM) solution.

ecsec

ecsec

ecsec is a specialized vendor of security solutions including information security management, smart card technology, identity management, cloud computing and electronic signature technology.

Ockam

Ockam

Ockam gives you the tools you need to establish an architecture for trust within your connected device applications.

Quantum Generation

Quantum Generation

Quantum Cyber Security for a new age of communications. We are developing the largest decentralized orbital, and ground quantum mesh network based on blockchain technology.

SpecterOps

SpecterOps

SpecterOps has unique insight into the cyber adversary mindset and brings the highest caliber, most experienced resources to assess your organizations defenses.

Forever Group

Forever Group

Forever Group is a Managed Services Provider specialising in Telecommunications, IT Support, and Cyber Security.

New Net Technologies (NNT)

New Net Technologies (NNT)

NNT SecureOps provides ultimate protection against all forms of cyberattack and data breaches by automating the essential security controls.

RedLegg

RedLegg

RedLegg is a master provider of information security services, a boutique, nimble, old-fashioned customer service company that enjoys the technology battlefield.

Primus Institute of Technology

Primus Institute of Technology

At Primus Institute of Technology our mission is to inspire, support, and empower current and aspiring IT professionals through training and career development workshops.

Kirk ISS

Kirk ISS

Kirk ISS are the leading provider of IT services in the Cayman Islands. We offer best-in class hardware, software, communications and cloud computing, all backed by professional services support.

TAFEcyber

TAFEcyber

TAFEcyber is an Australian based consortium focusing on the skilling of the fast-growing cyber security workforce through education and training.

DIGISOC

DIGISOC

DIGISOC, a leader in Latin America in Cybersecurity solutions, combines machine learning with human intelligence to be effective in detecting cyber threats.

TerraZone

TerraZone

TerraZone is a global cyber security and privacy solutions provider to governments and enterprises.