Personal Data of UK Military Breached in a Cyberattack

The personal data of thousands of UK military personnel was compromised in a severe data breach targeting the Ministry of Defence, sparking widespread concern. The breach occurred in a third-party payroll system managed by SSCL — a contractor tasked with handling sensitive government department data.

This system contained names, bank details, and, in some instances, addresses of both current and former members of the Royal Navy, Army, and Royal Air Force. As details of the breach unfolded, Defense Secretary Grant Shapps addressed Parliament, highlighting the actions taken to mitigate the breach's impact.

In response to the breach, officials "immediately took the system offline," according to Shapps, who also announced the start of an investigation into potential shortcomings by the contractor, SSCL, which bills itself as "the largest provider of critical business support services for government." The SSCL has yet to formally respond to the breach.

UK Prime Minister Rishi Sunak told reporters that a malign actor was likely behind the breach, emphasizing the complexity of the situation and the potential geopolitical implications. This breach jeopardizes the personal security of affected military personnel and poses broader national security risks.

The UK Ministry of Defense has assured military personnel that comprehensive measures are being implemented to protect their information and prevent such incidents in the future.

Mel Stride, a government minister, described the incident as a "very significant matter" to Sky News. However, he would not confirm whether China was behind the hack, despite reports to the contrary.

The UK has previously pointed fingers at countries like China and Russia for similar breaches, including the 2021 hack targeting the Electoral Commission, which was attributed to Chinese hackers by the government.