UK confirms Ministry of Defence payroll data exposed in data breach

The UK Government confirmed today that a threat actor recently breached the country’s Ministry of Defence and gained access to part of the Armed Forces payment network.

The attacked system contained personal data belonging to active and reserve personnel as well as some recently retired veterans.

MoD core network unaffected

In a statement to the House of Commons today, Defence Secretary Grant Shapps said that the Ministry of Defence (MoD) identified the intrusion “in recent days.”

Immediately after learning of the compromise, the MoD isolated the system to prevent the intrusion from spreading and stopped processing all payments.

Despite this, the incident did not have a significant impact on salaries, expense payments, and veterans’ pensions. “I can confirm in the meantime all April salaries have been paid,” said Shapps.

The UK defense secretary clarified that the hackers targeted an external system managed by a contractor that was “completely separate” from MoD’s core network, and had no connection to the “main military HR system.”

On the compromised host there were mainly names and banking details but in a few cases, addresses were also available. It is estimated that 270,000 payroll records have been exposed.

An investigation of the incident has yet to reveal how the intrusion occurred. However, Shapps noted that there is evidence of “potential failings” on the contractor’s side, which may have facilitated the unauthorized access.

Currently, there are no indications that the hacker stole any data but the affected service personnel has been informed of the risk through the chain of command.

Veterans who may have been impacted by the breach will receive letter notifications about the incident and the data exposed.

Shapps underlined that a malicious actor was behind the attack and said that at this stage “foreign state involvement” is also a possibility.

The UK government did not attribute the attack officially but multiple media outlets are reporting that China is believed to be responsible.