UK Military Data Breach: Thousands of Troops at Risk

As a result of a data breach from a third-party payroll system, the names, banking details, and in some cases, addresses of approximately 272,000 active duty and veteran members of the British Armed Forces were exposed. According to Defence Minister Grant Shapps, the systems were immediately shut down. Investigators suggest that the campaign was likely funded by state actors from a hostile country.

While Shapps highlighted that there is no direct evidence implicating any nation, the possibility cannot be dismissed. He did not confirm media reports suggesting that Chinese hackers could be behind the cyberattack, citing national security reasons for withholding further details.

The leak affected data from the client base of SSCL— the largest provider of critical support services to the government. Besides the Ministry of Defence, its clients include the Home Office, the Cabinet Office, and the Ministry of Justice.

The incident has raised concerns in Parliament. An opposition spokesperson questioned why the media had information on China’s possible involvement while the government was not prepared to confirm it officially.

In response to inquiries about the reports, the Chinese Ministry of Foreign Affairs stated that it opposes all forms of cyberattacks and “the use of cybersecurity to deliberately slander other countries for political purposes.”

SSCL was initially established as a joint venture between the British government and a private technology company. Last year, the government fully divested itself from the venture, selling the remaining 25% of the company’s shares.

In March, the UK and the US accused hacker groups linked to the Chinese government of a series of cyberattacks targeting American officials, journalists, corporations, pro-democracy activists, and an election monitoring body in the UK. Both countries imposed sanctions against several individuals, and the United States charged seven alleged perpetrators.