London: UK Defence Secretary Grant Shapps will update members of Parliament on a cyberattack on a database containing details of armed forces personnel amid reports that China was behind the hack.
A third-party payroll system has been hacked, potentially compromising the bank details of all serving personnel and some veterans, along with this, a few addresses may also have been accessed.
The Ministry of Defence (MoD) took immediate action when it discovered the breach, taking the external network — operated by a contractor — offline.
Cabinet Minister Mel Stride said the government takes cybersecurity “extremely seriously”.
The Work and Pensions Secretary said the government was not yet blaming Beijing.
He told Sky News, which first claimed China was behind the hack: “That is an assumption. We are not saying that at this precise moment.”
But Stride said the government viewed Beijing’s government as an “epoch-defining challenge” and “our eyes are wide open when it comes to China”.
He confirmed the attack was on a third-party system rather than an MoD database, but “nonetheless, that’s still a very significant matter”.
He added that the Ministry of Defence acted “very swiftly” to take the database offline.
“We take cybersecurity extremely seriously. Our intelligence services do, our military does as well.”
The government’s refreshed review of foreign and defence policy had cybersecurity “right at the heart of that, exactly these kinds of risks, particularly when it comes to state actors”.
It is understood that initial investigations have found no evidence that data has been removed.
However, affected service personnel will be alerted as a precaution and provided with specialist advice, as well as they will be able to use a personal data protection service to check whether their information is being used or an attempt is being made to use it.
All salaries were paid at the last payday, with no issues expected at the next one at the end of this month, although there may be a slight delay in the payment of expenses in a small number of cases.
The MoD confirmed Shapps “will make a planned statement to the House of Commons on Tuesday noon setting out the multi-point plan to support and protect personnel”.
The Ministers will blame hostile and malign actors but will not name the country behind the hacking.
The MoD has been working swiftly to uncover the scale of the attack since it was discovered several days ago.
Labour’s shadow Defence Secretary John Healey said: “So many serious questions for the Defence Secretary on this, especially from forces personnel whose details were targeted.”
The revelation comes after the UK and the US in March accused China of a global campaign of “malicious” cyber attacks in an unprecedented joint operation to reveal Beijing’s espionage.
Britain blamed Beijing for targeting the Electoral Commission watchdog in 2021 and for being behind a campaign of online “reconnaissance” aimed at the email accounts of MPs and peers.
In response to the Beijing-linked hacks on the Electoral Commission and 43 individuals, a front company, Wuhan Xiaoruizhi Science and Technology Company, and two people linked to the APT31 hacking group were sanctioned.
But some of the MPs targeted by the Chinese state said the response did not go far enough, urging the government to toughen its stance on China by calling it a “threat” to national security rather than an “epoch-defining challenge”.
Conservative former leader Sir Iain Duncan Smith repeated those calls, telling Sky News: “This is yet another example of why the UK government must admit that China poses a systemic threat to Britain and change the integrated review to reflect that.”
“No more pretence, it is a malign actor, supporting Russia with money and military equipment, working with Iran and North Korea in a new axis of totalitarian states,” he added.
Former Defence Minister Tobias Ellwood told the BBC’s Radio 4 Today programme: “Targeting the names of the payroll system and service personnel’s bank details, this does point to China because it can be as part of a plan, a strategy to see who might be coerced.”
(IANS)