What we know about the MoD ‘being hacked by China’

Grant Shapps has said up to 272,000 may be affected - but stopped short of blaming China.

Undated file photo of the sign for the Ministry of Defence in London. Defence Secretary Grant Shapps will update MPs on a cyber attack on a database containing details of armed forces personnel amid reports China was behind the hack. A third-party payroll system has been hacked, potentially compromising the bank details of all serving personnel and some veterans. A very small number of addresses may also have been accessed. Issue date: Tuesday May 7, 2024.
The Ministry of Defence (MoD) has been targeted in a cyber attack. (PA)

Grant Shapps has said that “state involvement” in the large-scale cyber attack on the Ministry of Defence (MoD) cannot be ruled out amid speculation China carried out the hack.

The defence secretary said there is evidence of “potential failings” of the contractor - Shared Services Connected Ltd (SSCL) - operating the payroll system that was hacked, “which may have made it easier for the malign actor” to gain access to the details of up to 272,000 service personnel and veterans.

Shapps stopped short of naming China but said he "cannot rule out state involvement" amid claims the government suspects Beijing to be linked to the attack.

China has described the reports as a "fabricated and malicious slander".

The government has launched a full investigation after the cyber attack was carried out on a third-party payroll system on a database continuing details of armed forces personnel.

The hack potentially comprises the bank details of all serving personnel and some veterans and a very small number of addresses may also have been accessed.

The Guardian said the records had been exposed to hackers, with data including names and bank details, and in a few thousand instances, addresses and national insurance numbers.

The MoD took the external network, operated by a contractor, offline and it is understood that initial investigations have found no evidence that data has been removed.

However, affected service personnel will be alerted as a precaution and provided with specialist advice.

London, UK. 30 Apr 2024. Grant Shapps - Secretary of State for Defence attends a cabinet meeting in Downing Street: Justin Ng/Alamy Live News.
Defence secretary Grant Shapps briefed MPs about the hack in the House of Commons on Tuesday. (Alamy)

They will be able to use a personal data protection service to check whether their information is being used or an attempt is being made to use it.

All salaries were paid at the last payday, with no issues expected at the next one at the end of this month, although there may be a slight delay in the payment of expenses in a small number of cases.

Contractor SSCL is thought to provide business process services to 22 government departments and agencies and is responsible for paying 550,000 public servants

The culprit has not been established, but both Sky News and the BBC reported that the government suspects China of carrying out the hack.

Shapps declined to identify the culprit, telling the Commons: “For reasons of national security, we can’t release further details of the suspected cyber activity behind this incident.

“However, I can confirm to the House that we do have indications that this was the suspected work of a malign actor and we cannot rule out state involvement.”

The Ministry of Defence MOD building on Whitehall, London, UK
The Ministry of Defence (MoD) said a third-party system was hacked. (PA)

The scale of the attack several days ago is also unknown, or how exactly it was carried out.

The number of personnel whose details were compromised has not been confirmed, but Shapps said up to 272,000 service personnel may have been hit by the data breach.

However, it appears initial investigations have found no evidence that any data has been removed, but affected armed forces personnel have been alerted as a precaution.

China has denied carrying out the hack, with a spokesman for its embassy in the UK saying: "The so-called cyber attacks by China against the UK are completely fabricated and malicious slanders.

“We strongly oppose such accusations. China has always firmly fought all forms of cyber-attacks according to law."

The Metropolitan Police said it is not involved in any investigation at this stage.

In March, the UK and the US accused China of a global campaign of “malicious” cyber attacks in an unprecedented joint operation to reveal Beijing’s espionage.

Britain blamed Beijing for targeting the Electoral Commission watchdog in 2021 and for being behind a campaign of online “reconnaissance” aimed at the email accounts of MPs and peers.

In response to the Beijing-linked hacks on the Electoral Commission and 43 individuals, a front company, Wuhan Xiaoruizhi Science and Technology Company, and two people linked to the APT31 hacking group were sanctioned.

But some of the MPs targeted by the Chinese state said the response did not go far enough, urging the Government to toughen its stance on China by labelling it a “threat” to national security rather than an “epoch-defining challenge”.