London24NEWS

Shapps: ‘potential contractor failings’ could have made Mod hack simpler

  • MPs are set to be told about the massive data breach tomorrow 

Failures by a formerly government-owned contractor may have made a cyber attack on Armed Forces data being blamed on China ‘easier’ to carry out, the Defence Secretary said today. 

Grant Shapps confirmed that Shared Services Connected Ltd (SSCL) was the company whose system was hacked, exposing the names and bank details of hundreds of thousands of service personnel – and some home addresses.

In a statement to MPs this afternoon Mr Shapps suggested that little or no data had been stolen, as he announced a probe into what happened. 

Up to 272,000 service personnel may have been hit by the data breach, Mr Shapps told MPs as he set out an eight-point plan to support and protect those potentially affected.

He blamed the attack on a ‘malign actor’, but failed to confirm reports that China was behind the break-in despite saying a nation state may have been involved. 

The Defence Secretary also criticised SSCL, saying there was ‘evidence of potential failings by them that may have made it easier for the malign actor to gain entry.’

Politicians and experts said the attack bore all the hallmarks of Chinese origin.

Conservative former leader Sir Iain Duncan Smith told Sky News: ‘This is yet another example of why the UK Government must admit that China poses a systemic threat to the UK and change the integrated review to reflect that.

‘No more pretence, it is a malign actor, supporting Russia with money and military equipment, working with Iran and North Korea in a new axis of totalitarian states.’  

Former defence minister Tobias Ellwood told the BBC‘s Radio 4 Today programme: ‘Targeting the names of the payroll system and service personnel’s bank details, this does point to China because it can be as part of a plan, a strategy to see who might be coerced.’

It comes as president Xi visits France on a state visit, where he will hold talks with Emmanuel Macron

The Chinese embassy in London denied involvement, saying claims of an attack were ‘completely fabricated and malicious slanders’. 

Grant Shapps confirmed that Shared Services Connected Ltd (SSCL) was the company whose system was hacked, exposing the names and bank details of hundreds of thousands of service personnel - and some home addresses.

Grant Shapps confirmed that Shared Services Connected Ltd (SSCL) was the company whose system was hacked, exposing the names and bank details of hundreds of thousands of service personnel – and some home addresses.

Speaking to broadcasters in south-east London, Rishi Sunak said there were 'indications that a malign actor' had compromised the database, but declined to attribute the attack to a specific state or 'actor'.

Speaking to broadcasters in south-east London, Rishi Sunak said there were ‘indications that a malign actor’ had compromised the database, but declined to attribute the attack to a specific state or ‘actor’. 

It comes as president Xi visits France on a state visit, where he will hold talks with Emmanuel Macron.

It comes as president Xi visits France on a state visit, where he will hold talks with Emmanuel Macron.

Conservative former leader Sir Iain Duncan Smith told Sky News : 'This is yet another example of why the UK Government must admit that China poses a systemic threat to the UK and change the integrated review to reflect that.'

Conservative former leader Sir Iain Duncan Smith told Sky News : ‘This is yet another example of why the UK Government must admit that China poses a systemic threat to the UK and change the integrated review to reflect that.’

Mr Shapps told the Commons: ‘In recent days the Ministry of Defence (MoD) has identified indications that a malign actor gained access to part of the Armed Forces payment network. This is an external system completely separate to the MoD’s core network, and it’s not connected to the main military HR system.

‘The House will wish to note that it is operated by a contractor and there is evidence of potential failings by them which may have made it easier for the malign actor to gain entry. A specialist security review of the contractor and their operations is under way and appropriate steps will be taken.

‘The contractor-operated system in question is held and holds personal data of regular reserve personnel and some recently retired veterans, this includes names and bank details and in a smaller number of cases addresses.

‘In response to this incident, we’ve undertaken significant and immediate action, enacting a multi-point response plan to support and protect our people.’

Up to 272,000 service personnel may have been hit by the data breach, Mr Shapps told MPs.

He set out an eight-point plan to support and protect those potentially affected.

Mr Shapps told the House of Commons he couldn’t release further details of the attack ‘for reasons of national security’.

But he added: ‘We do have indications that this was the suspected work of a malign actor and we cannot rule out state involvement.’

‘This incident is further proof that the UK is facing rising and evolving threats… the world is I’m afraid becoming somewhat more dangerous.’

Labour’s shadow defence secretary John Healey said there would be ‘serious concern’ that news of the cyber attack was reported in the media before Mr Shapps was able to update Parliament.

He added: ‘The media have clearly been briefed that China is behind the hack but the Defence Secretary only tells us about a malign actor.

‘Now, the Government rightly has a very rigorous system before official accusations or attributions are made.

‘But if this deep data breach is found to be carried out by a hostile state, it would represent a very serious threat to our national security.’

Mr Shapps replied: ‘The media release last night was coincidental and unwelcome as far as we were concerned. Unfortunately, of course, a lot of people were involved in this.’

The Ministry of Defence (MoD) took immediate action when it discovered the breach, taking the external network – operated by a contractor – offline.

Downing Street said the Government had also launched a security review of the contractor’s operations.

The Prime Minister’s official spokesman declined to comment on speculation about the origin of the attack ahead of the statement to the Commons by Mr Shapps this afternoon.

It comes less than two months after Chinese state-affiliated actors were blamed by the government for two ‘malicious’ cyberattack campaigns in the UK.

The two incidents involved an attack on the Electoral Commission in 2021 as well as targeted attacks against MPs sceptical of China.

In a speech made in the commons last month, Deputy Prime Minister Oliver Dowden confirmed that the Chinese ambassador would be summoned to ‘account for China’s conduct in these incidents’.

He also announced that the UK – alongside international partners including the US – would be issuing sanctions against the Chinese government.

The MoD is said to be hopeful that serving personnel will not be concerned about their safety. Those impacted by the data breach will be given advice and support tomorrow.

The contractor system is not connected to the main MoD computer systems and has been taken down with a review launched.

Up to 250,000 people could be impacted by the breach with their names and bank details amongst the information that has been compromised

Up to 250,000 people could be impacted by the breach with their names and bank details amongst the information that has been compromised

It comes less than two months after Chinese state-affiliated actors were blamed by the government for two 'malicious' cyberattack campaigns in the UK (file image)

It comes less than two months after Chinese state-affiliated actors were blamed by the government for two ‘malicious’ cyberattack campaigns in the UK (file image)

All salaries were paid at the last payday, with no issues expected at the next one at the end of this month, although there may be a slight delay in the payment of expenses in a small number of cases. 

The MoD is said to have worked on the issue intensively over the last 72 hours to figure out how much data was exposed during the hack. It is understood that investigations have not shown any data to have been taken so far. 

Up to 250,000 people could be impacted by the breach with their names and bank details amongst the information that has been compromised.

The identification of Special Forces soldiers – who are entitled to lifelong anonymity – has not been compromised according to defence sources.

The country’s President Xi Jinping is currently on a two-day state visit to France – his first visit to Europe since 2019.

Meeting with French President Emmanuel Macron yesterday, President Xi called for a ‘worldwide truce’ during the Olympic Games this summer.

The incident risks dissuading other countries with challenging relationships with China from sharing sensitive intelligence with the UK.

The cyber attacks that hit the UK

– March 2024

The UK and the United States accused China of a global campaign of ‘malicious’ cyber attacks in an unprecedented joint operation to reveal Beijing’s espionage.

Britain publicly blamed China for targeting the Electoral Commission watchdog and for being behind a campaign of online ‘reconnaissance’ aimed at the email accounts of MPs and peers.

The Electoral Commission attack was identified in October 2022, but the hackers had first been able to access the commission’s systems for more than a year, since August 2021.

– December 2023

A Foreign Office minister told the Commons that private conversations of high-profile politicians and civil servants were compromised by Russia’s principal security service during ‘sustained’ attempts to interfere in UK politics.

A cyber influence campaign by a group known as Star Blizzard, ‘almost certainly’ a subordinate of an FSB cyber unit, had ‘selectively leaked and amplified information’ since 2015.

– July 2022

The British Army confirmed a ‘breach’ of its Twitter and YouTube accounts. The channel featured videos on cyptocurrency and images of billionaire businessman Elon Musk.

The official Twitter account had retweeted a number of posts appearing to relate to NFTs (non-fungible tokens).

– July 2021

The UK accused the Chinese government of being behind ‘systematic cyber sabotage’ following a hacking attack which affected a quarter of a million servers around the world. The attacks, which took place in early 2021, targeted Microsoft Exchange servers.

– April 2021

Britain accused Russia’s foreign intelligence service of being behind a major cyber attack on the West.

The Foreign, Commonwealth and Development Office (FCDO) said the National Cyber Security Centre (NCSC) had assessed that it was ‘highly likely’ the SVR was responsible for the so-called SolarWinds hack.

– July 2020

Britain, the United States and Canada accused Russian spies of targeting scientists seeking to develop a coronavirus vaccine.

The three allies said hackers linked to Russian intelligence were seeking to steal the secrets of research bodies around the world, including in the UK.