Shapps: ‘potential contractor failings’ could have made MoD hack simpler
- MPs are set to be told about the massive data breach tomorrow
Failures by a formerly government-owned contractor may have made a cyber attack on Armed Forces data being blamed on China ‘easier’ to carry out, the Defence Secretary said today.
Grant Shapps confirmed that Shared Services Connected Ltd (SSCL) was the company whose system was hacked, exposing the names and bank details of hundreds of thousands of service personnel – and some home addresses.
In a statement to MPs this afternoon Mr Shapps suggested that little or no data had been stolen, as he announced a probe into what happened.
Up to 272,000 service personnel may have been hit by the data breach, Mr Shapps told MPs as he set out an eight-point plan to support and protect those potentially affected.
He blamed the attack on a ‘malign actor’, but failed to confirm reports that China was behind the break-in despite saying a nation state may have been involved.
The Defence Secretary also criticised SSCL, saying there was ‘evidence of potential failings by them that may have made it easier for the malign actor to gain entry.’
Politicians and experts said the attack bore all the hallmarks of Chinese origin.
Conservative former leader Sir Iain Duncan Smith told Sky News: ‘This is yet another example of why the UK Government must admit that China poses a systemic threat to the UK and change the integrated review to reflect that.
‘No more pretence, it is a malign actor, supporting Russia with money and military equipment, working with Iran and North Korea in a new axis of totalitarian states.’
Former defence minister Tobias Ellwood told the BBC’s Radio 4 Today programme: ‘Targeting the names of the payroll system and service personnel’s bank details, this does point to China because it can be as part of a plan, a strategy to see who might be coerced.’
It comes as President Xi visits France on a state visit, where he will hold talks with Emmanuel Macron.
The Chinese embassy in London denied involvement, saying claims of an attack were ‘completely fabricated and malicious slanders’.
Speaking to broadcasters in south-east London, Rishi Sunak said there were ‘indications that a malign actor’ had compromised the database, but declined to attribute the attack to a specific state or ‘actor’.
Mr Shapps told the Commons: ‘In recent days the Ministry of Defence (MoD) has identified indications that a malign actor gained access to part of the Armed Forces payment network. This is an external system completely separate to the MoD’s core network, and it’s not connected to the main military HR system.
‘The House will wish to note that it is operated by a contractor and there is evidence of potential failings by them which may have made it easier for the malign actor to gain entry. A specialist security review of the contractor and their operations is under way and appropriate steps will be taken.
‘The contractor-operated system in question is held and holds personal data of regular reserve personnel and some recently retired veterans, this includes names and bank details and in a smaller number of cases addresses.
‘In response to this incident, we’ve undertaken significant and immediate action, enacting a multi-point response plan to support and protect our people.’
Up to 272,000 service personnel may have been hit by the data breach, Mr Shapps told MPs.
He set out an eight-point plan to support and protect those potentially affected.
Mr Shapps told the House of Commons he couldn’t release further details of the attack ‘for reasons of national security’.
But he added: ‘We do have indications that this was the suspected work of a malign actor and we cannot rule out state involvement.’
‘This incident is further proof that the UK is facing rising and evolving threats… the world is I’m afraid becoming somewhat more dangerous.’
Labour’s shadow defence secretary John Healey said there would be ‘serious concern’ that news of the cyber attack was reported in the media before Mr Shapps was able to update Parliament.
He added: ‘The media have clearly been briefed that China is behind the hack but the Defence Secretary only tells us about a malign actor.
‘Now, the Government rightly has a very rigorous system before official accusations or attributions are made.
‘But if this deep data breach is found to be carried out by a hostile state, it would represent a very serious threat to our national security.’
Mr Shapps replied: ‘The media release last night was coincidental and unwelcome as far as we were concerned. Unfortunately, of course, a lot of people were involved in this.’
The Ministry of Defence (MoD) took immediate action when it discovered the breach, taking the external network – operated by a contractor – offline.
Downing Street said the Government had also launched a security review of the contractor’s operations.
The Prime Minister’s official spokesman declined to comment on speculation about the origin of the attack ahead of the statement to the Commons by Mr Shapps this afternoon.
It comes less than two months after Chinese state-affiliated actors were blamed by the government for two ‘malicious’ cyberattack campaigns in the UK.
The two incidents involved an attack on the Electoral Commission in 2021 as well as targeted attacks against MPs sceptical of China.
In a speech made in the Commons last month, Deputy Prime Minister Oliver Dowden confirmed that the Chinese ambassador would be summoned to ‘account for China’s conduct in these incidents’.
He also announced that the UK – alongside international partners including the US – would be issuing sanctions against the Chinese government.
The MoD is said to be hopeful that serving personnel will not be concerned about their safety. Those impacted by the data breach will be given advice and support tomorrow.
The contractor system is not connected to the main MoD computer systems and has been taken down with a review launched.
All salaries were paid at the last payday, with no issues expected at the next one at the end of this month, although there may be a slight delay in the payment of expenses in a small number of cases.
The MoD is said to have worked on the issue intensively over the last 72 hours to figure out how much data was exposed during the hack. It is understood that investigations have not shown any data to have been taken so far.
Up to 250,000 people could be impacted by the breach with their names and bank details amongst the information that has been compromised.
The identification of Special Forces soldiers – who are entitled to lifelong anonymity – has not been compromised according to defence sources.
China’s President Xi Jinping is currently on a two-day state visit to France – his first visit to Europe since 2019.
Meeting with French President Emmanuel Macron yesterday, President Xi called for a ‘worldwide truce’ during the Olympic Games this summer.
The incident risks dissuading other countries with challenging relationships with China from sharing sensitive intelligence with the UK.