MoD personal data targeted in third-party data breach

A significant data breach involving the UK Ministry of Defence (MoD) emerged on Monday, with the personal information of an unknown number of current and former UK military personnel having been accessed, according to BBC News. The cyberattack targeted an MoD payroll system managed by an external contractor. The impacted data includes names, bank details, and, in a few cases, personal addresses of current and former members of the Royal Navy, Army and Royal Air Force dating back several years. The MoD acted swiftly to take the affected system offline while investigations are underway. 

It is unknown who is behind the cyberattack, although The Guardian reports Conservative MP Mel Stride said on Tuesday morning that a "state actor" is likely responsible. The warning comes ahead of a statement from Defence Secretary Grant Shapps, who is expected to address MPs regarding the matter in the Commons on Tuesday. 

In an update on Tuesday, BBC News revealed Grant Shapps informed MPs that the UK government had reason to believe that the recent hack of the Ministry of Defence (MoD) was the work of a "malign actor." Sources suggest that the government suspects China was responsible for the breach. China strongly denies the allegations. Shapps criticised the contractor-operated system, allegedly Shared Services Connected Ltd (SSCL), stating that there was "evidence of failings" and apologised to the affected servicemen and women. According to The Register, up to 272,000 people may have been affected by the incident.

In a statement responding to the breach, the Information Commissioner's Office (ICO) said, "The Ministry of Defence has made us aware of this incident, and we are assessing the information provided."