MoD data breach: China suspected of hacking UK armed forces payroll

The government suspects China was behind the hack of an armed forces payroll system, the BBC understands.

MoD data breach: China suspected of hacking UK armed forces payroll

Defence Secretary Grant Shapps will not identify a specific culprit when he addresses MPs today, but is expected to warn of the dangers posed by cyber espionage from hostile states.

The system used by the Ministry of Defence (MoD) includes names and bank details of armed forces personnel.

China described the suggestion as a "fabricated and malicious slander".

Prime Minister Rishi Sunak, while stopping short on naming the country responsible, said "a malign actor has compromised" the payroll system.

In a very small number of cases, the data may include personal addresses.

The system, holding "personal HMRC-style information" for current regular, reservist and former members of the Royal Navy, Army and Royal Air Force over a period of several years, was managed by an external contractor.

Downing Street said it was reviewing the security of the unnamed contractor's operations.

The government became aware of the data breach in recent days, and has not found evidence hackers removed data but is continuing to investigate.

Sources have told BBC News the investigation into who was behind the breach, which will be seen as embarrassing for the MoD, is at an early stage.

It can take months, sometimes years, to gather enough evidence to publicly accuse so China is unlikely to be officially named today.

However, that does seem to be where suspicions are pointing towards, especially in light of Beijing's track record of targeting these kind of data sets.

When pressed on why the government is not naming China as responsible, the prime minister pointed to "very robust" government policy that means the UK can protect itself against the risk from China, and that defence spending had increased.

Service people affected by the hack will receive further information from the government about the breach and will be told any concerns are more about fraud risks rather than personal safety.

In an email sent to people affected on Tuesday, personnel were told they were confident May salaries will not be affected, but there may be slight delays to payments of routine expenses.

In response to the breach, Conservative MPs have raised concerns about the threat from China.

Tobias Ellwood, former chairman of the Commons Defence Committee, told BBC Radio's 4 Today programme: "Targeting the names of the payroll system and service personnel's bank details, this does point to China because it can be as part of a plan, a strategy to see who might be coerced."

He pointed to China previously trying to gain information from ex-RAF pilots.

Iain Duncan Smith said the government must admit China poses a threat to the UK.

"No more pretence, China is a malign actor, supporting Russia with money and military equipment, working with Iran and North Korea in a new axis of totalitarian states," he said.

Meanwhile, Labour's Shadow Defence Secretary John Healey said there were "serious questions" for Mr Shapps and "any such hostile action is utterly unacceptable".

In a statement, the Chinese embassy in the UK said it strongly opposed the suggestion China was responsible and it had no need to "meddle in the internal affairs of the UK".

"We urge the relevant parties in the UK to stop spreading false information, stop fabricating so-called China threat narratives, and stop their anti-China political farce," a spokesman said.

Last year, the government published an updated version of its long-term defence strategy which said the use of "commercial spyware, ransomware and offensive cyber capabilities by state and non-state actors has proliferated".

In March, the government publicly accused China of being behind an August 2021 hack targeting the details of millions of voters held by the Electoral Commission.

In December 2023, the National Cyber Security Centre said Russian intelligence was behind a "malicious cyber activity attempting to interfere in UK politics and democratic processes".

Public institutions and private firms have also been targeted by hackers demanding ransoms.

The Metropolitan Police said it is not involved in any investigation at this stage.

-bbc