Article Details
Scrape Timestamp (UTC): 2024-05-07 19:46:54.370
Original Article Text
Click to Toggle View
UK confirms Ministry of Defence payroll data exposed in data breach. The UK Government confirmed today that a threat actor recently breached the country’s Ministry of Defence and gained access to part of the Armed Forces payment network. The attacked system contained personal data belonging to active and reserve personnel as well as some recently retired veterans. MoD core network unaffected In a statement to the House of Commons today, Defence Secretary Grant Shapps said that the Ministry of Defence (MoD) identified the intrusion “in recent days.” Immediately after learning of the compromise, the MoD isolated the system to prevent the intrusion from spreading and stopped processing all payments. Despite this, the incident did not have a significant impact on salaries, expense payments, and veterans’ pensions. “I can confirm in the meantime all April salaries have been paid,” said Shapps. The UK defense secretary clarified that the hackers targeted an external system managed by a contractor that was “completely separate” from MoD’s core network, and had no connection to the “main military HR system.” On the compromised host there were mainly names and banking details but in a few cases, addresses were also available. It is estimated that 270,000 payroll records have been exposed. An investigation of the incident has yet to reveal how the intrusion occurred. However, Shapps noted that there is evidence of “potential failings” on the contractor’s side, which may have facilitated the unauthorized access. Currently, there are no indications that the hacker stole any data but the affected service personnel has been informed of the risk through the chain of command. Veterans who may have been impacted by the breach will receive letter notifications about the incident and the data exposed. Shapps underlined that a malicious actor was behind the attack and said that at this stage “foreign state involvement” is also a possibility. The UK government did not attribute the attack officially but multiple media outlets are reporting that China is believed to be responsible.
Daily Brief Summary
The UK Ministry of Defence confirmed a breach exposing payroll data of active, reserve, and some retired personnel.
An external payment system managed by a contractor was compromised, affecting approximately 270,000 records.
Personal data including names, banking details, and some addresses were exposed, though core MoD networks remained secure.
All April salaries and payments were processed despite the breach, with no major impact on financial disbursements.
Immediate measures were taken to isolate the affected system and halt further intrusion.
An ongoing investigation has pointed to potential security lapses by the contractor handling the attacked system.
There are currently no indications of data theft, though affected individuals have been informed of the potential risk.
The incident has raised concerns about foreign state involvement, but no official attribution has been made yet.