270,000 UK forces records thought to have been exposed to Chinese hackers | Ministry of Defence
[ad_1]
An estimated 270,000 pay records belonging to almost all members of the British Armed Forces were exposed to Chinese hackers in a breach at a third-party contractor that was discovered a few days ago.
The data at risk included names and bank details and, in several thousand cases, addresses and National Insurance numbers of current and recently retired members of the army, navy and air force, government sources said.
There was no immediate evidence that any data was stolen or tampered with, but investigations are ongoing. Staff are expected to obtain credit checks so that people can monitor whether their bank details have been used without permission.
Grant Shapps, the defense secretary, is expected to brief MPs on Tuesday afternoon about the situation and the steps being taken by the Ministry of Defense to address the issue. The hackers are believed to have been present on the system for some time, possibly weeks.
An announcement was planned for Tuesday, but details leaked overnight to the media before personnel were briefed, military sources said. Once the hack was discovered, the system was immediately shut down.
Shapps is not expected to officially attribute the attack to China, but the hack is understood to have been carried out by actors from within the country, the latest in a growing number of data breaches attributed to Beijing.
The electoral commission was hacked by Chinese actors in August 2021 and in March ministers held China accountable. The attackers gained access to copies of the electoral rolls and penetrated the e-mail and control systems.
Rishi Sunak, the prime minister, said China was “behaving in an increasingly assertive manner abroad” and was “the biggest state threat to our economic security”. Parliamentarians critical of Beijing have also been attacked, the government said.
It is believed that the SAS and other special forces are paid separately and are therefore not affected. Some of the 270,000 records affected by the breach are considered duplicates, so the actual number of people affected is likely to be lower.
A Department of Defense The spokesman said: “The Defense Secretary will make a scheduled statement to the House of Commons this afternoon setting out the multi-point plan to support and protect personnel.”
A spokesman for China’s foreign ministry said Beijing opposes and fights all forms of cyber-attacks and rejects using the issue for political purposes to defame other countries.
A spokesman for the Chinese embassy in London added: “China has always maintained the principle of non-interference in the internal affairs of others. China has neither interest nor need to interfere in the internal affairs of the United Kingdom.
“We call on the relevant parties in the UK to stop spreading false information, stop fabricating so-called threat narratives from China and stop their anti-China political farce.”
Alfie Usher, an army veteran who runs the Claims Bible, a specialist in military compensation, said members of the armed forces needed to be vigilant.
“The Department of Defense will offer credit-checking software so that people can monitor new account openings or fraud alerts, as well as individuals who take extra care when using their email to avoid phishing scams,” he added. .
The investigators, which include the government’s cyber security agencies GCHQ and NCSC, are also looking at “potential failings” by contractors who ran the outsourced pay system on behalf of the Ministry of Defence.
The force is paid by SSCL, a Paris-based subsidiary of Sopra Steria. SSCL’s website says it provides core payroll, human resources and pension services to 230,000 active duty and reservist personnel and 2 million veterans.
Sopra Steria has been contacted for comment.
[ad_2]