China Suspected After Major MoD Payroll Breach
Sensitive personal and financial information belonging to UK military personnel has been compromised in a significant state-sponsored data breach, according to reports.
The defense secretary, Grant Shapps, is expected to make a statement in the House of Commons later today detailing exactly what happened.
However, reports circulating this morning claimed the hackers successfully targeted a third-party payroll provider, with mainly names and bank details exposed.
The contractor’s IT systems are not connected to the main Ministry of Defence (MoD) network, and are now being taken down for review, according to Sky News.
Although the government is being tight-lipped in public on the identity of its attacker, the news channel claimed it has been told China was to blame. Conservative MP and former soldier, Tobias Ellwood, argued that reconnaissance and blackmail may have been behind the breach.
“Targeting the MoD’s payroll and bank details was probably looking at the financially vulnerable with a view that they may be coerced in exchange for cash,” he’s quoted as saying.
“And if this type of cyber-attack is taking place here in the UK we can assume other NATO countries will be targeted too.”
Interestingly, initial investigations appear to have revealed that no data was actually exfiltrated as part of the attack – although a digital postmortem is still underway.
Martin Greenfield, CEO of cybersecurity consultancy Quod Orbis, argued that the public sector has always been a major target for threat actors.
“What we see time and again is that the challenge is exacerbated by the presence of silos in cybersecurity monitoring, which can lead to gaps in threat detection and response. When different departments or systems operate in isolation, it becomes more difficult to identify and mitigate potential vulnerabilities, leaving organizations more susceptible to attacks,” he added.
“In this context, the breach of personal information could lead to further targeted attacks, both in the digital and physical realm. When we consider the ongoing tensions in Ukraine and Israel, such attacks pose a wider risk to MoD operations in the area.”
This is by no means the first breach of its kind at the MoD. The ministry revealed that it recorded twice as many supplier security incidents in 2021 as it did a year earlier.