SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

The UK Says a Huge Payroll Data Breach by a ‘Malign Actor’ Has Exposed Details of Military Personnel

The UK Ministry of Defense said a breach at a third-party payroll system exposed as many as 272,000 armed forces personnel and veterans.

The names and bank details of thousands of serving British soldiers, sailors and air force members have been exposed in a data breach by a “malign actor” who may have had state help, defense officials said Tuesday.

The Ministry of Defense said the breach occurred at a third-party payroll system holding bank details of as many as 272,000 serving armed forces personnel and recent veterans. In a few cases, addresses may also have been exposed.

Defense Secretary Grant Shapps said officials had “immediately taken the system offline” and launched an investigation into the breach and possible failings by the contractor, SSCL, which describes itself as “the largest provider of critical business support services for government.”

“We cannot rule out state involvement,” Shapps told lawmakers in the House of Commons, though he said the government did not yet have evidence to make that conclusion.

Shapps did not confirm reports by Sky News and the BBC that Chinese hackers are suspected of carrying out the cyberattack.

“For reasons of national security, we can’t release further details of the suspected cyber activity behind this incident,” he said.

Labour Party defense spokesman John Healey asked why “the media has clearly been briefed that China was behind” the attack if the government wasn’t prepared to say so.

China’s Ministry of Foreign Affairs, when asked about the reports, said it opposed all forms of cyberattacks and is against “the use of cybersecurity issues to smear other countries for political purposes deliberately.”

Advertisement. Scroll to continue reading.

SSCL was founded as a joint venture between the British government and a private tech firm. The government sold its final 25% stake in the firm last year. SSCL clients also include the Home Office, Cabinet Office and Ministry of Justice.

In March, Britain and the United States alleged that hackers linked to the Chinese government had targeted U.S. officials, journalists, corporations, pro-democracy activists and the U.K.’s election watchdog in a campaign of “malicious” cyberattacks. The two countries imposed sanctions on several individuals and the U.S. charged seven alleged hackers, all believed to be living in China.

Written By

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

OT zero trust access and control company Dispel has appointed Dean Macris as its CISO.

Cloud identity and security solutions firm Saviynt has hired former Gartner Analyst Henrique Teixeira as Senior Vice President of Strategy.

PR and marketing firm FleishmanHillard named Scott Radcliffe as the agency's global director of cybersecurity.

More People On The Move

Expert Insights

Related Content

ChatGPT attack ChatGPT attack

Data Breaches

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

March 28, 2023
Zendesk Hacked After Employees Fall for Phishing Attack

Cybercrime

Zendesk Hacked After Employees Fall for Phishing Attack

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

January 24, 2023
Okta hack Okta hack

CISO Strategy

Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

November 3, 2023
Hackers Stole Encrypted Backups, MFA Settings from GoTo, LastPass Hackers Stole Encrypted Backups, MFA Settings from GoTo, LastPass

Data Breaches

LastPass Says DevOps Engineer Home Computer Hacked

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

February 27, 2023
Sony hacked Sony hacked

Data Breaches

Sony Confirms Data Stolen in Two Recent Hacker Attacks

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

October 5, 2023
Delta Dental Says Data Breach Exposed 7 Million Customers

Data Breaches

Delta Dental Says Data Breach Exposed 7 Million Customers

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.

December 18, 2023
Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor

Data Breaches

Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

March 10, 2023
Atlassian Investigating Security Breach After Hackers Leak Data

Data Breaches

Atlassian Investigating Security Breach After Hackers Leak Data

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

February 17, 2023