The Ministry of Defence (MoD) has shut down a third-party payment system that may have been hacked by a “malign actor,” ministers confirmed on Tuesday.
Briefing Parliament on Tuesday afternoon, Defence Secretary Grant Shapps said foreign state involvement could not be ruled out but didn’t attribute the suspected attack to a specific actor.
According to Mr. Shapps, the MoD identified indications of an attack in recent days on a system that holds the names, bank details, and, in a small number of cases, addresses of armed forces personnel and some veterans.
Up to 272,000 may have been affected, Mr. Shapps said, noting that the number “is still being refined” and “will probably end up lower.”
The minister said initial investigations have found no evidence that any data has been removed, and a full investigation has been launched to examine potential failings and prevent future incidents.
According to Mr. Shapps, there’s “evidence of potential failings” by the system’s operator, payroll contractor SSCL, that could have made the attack easier.
The minister also said all April salaries are paid and that delays in some expense payments are expected to be “fully resolved today.”
He also said that the MoD has “stopped to the processing of all payments and isolated the system” after becoming aware of the attack.
As part of an eight-point plan, the MoD has also alerted those who are or may have been affected, set up a helpline, and provided a commercial personal data protection service for all service personnel,” Mr. Shapps added.
Mr. Shapps told MPs the government can’t release further details “for reasons of national security,” but confirmed that it does “have indications that this was the suspected work of a malign actor and we cannot rule out state involvement.”
The incident “is further proof that the UK is facing rising and evolving threats,” the minister said.
Confirming the suspected attack earlier in the day, Prime Minister Rishi Sunak also sought to reassure the public that the MoD had already taken the network offline.
Pressed on his stance on China after recent reports suggested Beijing was the source of the attack, Mr. Sunak said he had set out “a very robust policy” towards Beijing, taking the powers necessary “to protect ourselves against the risk that China and other countries pose to us.”
He added that Britain was facing “an axis of authoritarian states, including Russia, Iran, North Korea and China” that “pose a risk to our values, our interests and, indeed, our country”.
A spokesperson for the Chinese embassy denied Beijing was behind the attack and called the allegations “completely fabricated and malicious slanders.”
The revelation comes after the UK and the United States in March accused Beijing of a global campaign of malicious cyber attacks in an unprecedented joint operation to reveal Beijing’s espionage.
Britain blamed Beijing for targeting the Electoral Commission watchdog in 2021 and for being behind a campaign of online “reconnaissance” aimed at the email accounts of MPs and peers.
In response to the Beijing-linked hacks on the Electoral Commission and 43 individuals, a front company, Wuhan Xiaoruizhi Science and Technology Company, and two people linked to the APT31 hacking group were sanctioned.
However, some of the MPs targeted by the Chinese state said the response did not go far enough. They urged the government to toughen its stance on China by labeling it a “threat” to national security rather than an “epoch-defining challenge.”