Circa 270,000 payroll records belonging to most members of Britain’s armed forces have been exposed to Chinese hackers in a breach at a 3rd-party contractor that was discovered a few days ago.
The data at risk includes names & bank details for full-time military personnel, part-time reservists, including at least one MP, & veterans who left after Jan. 2018. It was managed by a private contractor, SSCL revealed Grant Shapps, the Defence Secretary in an emergency statement in the Commons late Tuesday afternoon.
Forced
He was forced into announcing the name of the outside contractor concerned only after leaks in the media forced his hand.
He further informed the House that the incident was the “suspected work of a malign actor & we cannot rule out state involvement.” Official sources were less reserved & ‘privately’ pointed the finger at China.
The minister told the Commons that there was not yet a “proven connection” to China, & he would not even mention the country by name, leading to criticism from several MPs for his caution.
China Strategy
John Healey, the Shadow Defence Secretary, contrasted media reports of Chinese involvement with Shapps’s limited declaration & accused ministers of having “no cross-government China strategy” & “completely inadequate resourcing” in defending against threats from Beijing.
Hackers are believed to have been in the system for a while, maybe weeks, but there is no immediate evidence that any data was stolen or interfered with.
Salary Payment
Salary payment has not been affected, but personnel have been offered credit checks so that people can monitor whether bank details are being used without permission.
China denied it was involved & stayed that the idea that it posed a threat to the UK was a ‘gross distortion.’
A spokesperson for the Chinese embassy in London commented: “We urge the relevant parties in the UK to stop spreading false information, stop fabricating so-called China threat narratives, & stop their anti-China political farce.”
GCHQ
Formal attribution of hacker attacks is usually difficult, partly because attackers take care to cover their tracks – but it is also true that diplomatic considerations play a major part in when & how to accuse another country. The intelligence agencies GCHQ & the National Cyber Security Centre (NCSC) are understood to be involved in the latest investigation.
The Electoral Commission was hacked by Chinese players in Aug. 2021, & in March this year ministers held China responsible. The attackers gained access to copies of the electoral registers & broke penetrated agency’s emails & control systems. Parliamentarians critical of Beijing have also been targeted, the Govt. has observed.
Bob Seely
Those affected by the latest hack include MPs who are active paid reservists, with the Conservative backbencher Bob Seely, a member of the Army Reserves, telling the Commons he had received a warning phone call. “It is a little frustrating to be told one’s bank details & NI number are winging their way to Beijing or wherever they have gone.”
Others potentially affected include Andrew Murrison, a Junior Defence Minister, who acts as a Surgeon Commander in the Royal Navy. He has been regularly paid for his work over the past year according to his declaration in the parliamentary register. However, the MoD said it would not comment on individual cases.
SSCL
The Defence Secretary also tried to shift the focus to the contractor, SSCL, a subsidiary of the Paris-headquartered Sopra Steria. Shapps explained that he was concerned about “potential failings” in the company & told MPs he had commissioned “a full review of their work” within MoD. The Cabinet Office had been asked to look at the activity of the company across Govt, he added.
SSCL was, until Oct. 2023, 25%-owned by the Cabinet Office but was fully privatised at that point. Its French parent company did not comment on Tues.
James Cleverly
Official sources indicated that other high-profile MPs who are military reservists may not be affected because they are not active on duty & are therefore not paid.
They include James Cleverly, the Home Secretary, who is a Reserve Forces officer who has declared he “received no payments” since his election, & Tom Tugendhat, the Security Minister, who is a commissioned officer in the Naval reserve. Spokespeople for the ministers did not respond to requests for comment.
SAS
The SAS & other special forces are understood to be paid separately, & so are not affected. Royal veterans William the Prince of Wales, & his brother Harry left the military before 2018 & do not appear to fall in the affected groups, although they may not have had any payroll records at all.
An announcement had been planned on Tues., but details were leaked overnight to the media before personnel were briefed, military sources revealed. Once the hack was discovered, the system was taken offline.
Credit Check Software
Alfie Usher, an army veteran who runs Claims Bible, a military compensation specialist, said members of the armed forces should be vigilant.
“The MoD will offer a credit check software so people can keep an eye on new accounts being opened or any fraud alerts, along with individuals taking extra care when using their emails to avoid phishing scams,” he added.