HQ/EMEAFind out how we can help your business
The UK Ministry of Defence allegedly suffered a data breach incident after a threat actor had infiltrated its systems, allowing it to gain access to a portion of the Armed Forces payment network.
Based on reports, the compromised system contained personal information for active and reserve members and some recently retired veterans. In a statement to the House of Commons earlier this week, the Defence Secretary explained vaguely that the Ministry of Defence (MoD) detected the infiltration “in recent days.”
Moreover, after learning of the compromise, the agency’s spokesperson clarified that they immediately isolated the affected system. This action has allowed the ministry to isolate its system to prevent the intrusion from spreading and stop processing all payments.
The overall system of the UK Ministry of Defence has not significantly suffered during the breach.
Despite the attack on the UK Ministry of Defence, the incident had no significant influence on salaries, expenses, or veterans’ pensions. In addition, the Defence Secretary stated that he can confirm that all April salaries have been paid.
On the other hand, their initial investigation uncovered that the hackers targeted an external system maintained by a contractor. Fortunately, this targeted system is entirely separate from the MoD’s core network and has no relation to the primary military HR system.
Currently, the confirmed details within the compromised site are mostly names and banking information, although some addresses are included. Still, the alarming part of this incident is that approximately 270,000 payroll records have been compromised.
The inquiry into the attack has yet to reveal how the intrusion happened. However, the defence secretary stated that there is evidence of inadvertent misconfigurations on their contractor’s end, which could have permitted the unauthorised access.
As of now, there is no proof that the hacker stole any material, but MoD has already notified affected service personnel about the risk. Furthermore, potentially affected veterans will receive written notices about the event and the data compromised.
MoD’s secretary stated that hackers could have carried out the hack with the assistance of a foreign state-sponsored hacking group. The UK government did not formally link the malicious activity to any specific organisation, although many media outlets say China participated in the attack.
