The personal information of members of the British army, navy and air force has been hacked in a major data breach, raising alarm about a growing threat of cyber attacks by hostile states, Britain’s defense secretary said on Tuesday.
The attack targeted a third-party payroll system used by Britain’s Ministry of Defence, exposing the names and banking details of serving members of the armed forces and some veterans, as well as a small number of addresses.
The payroll system, which is not connected to the Defense Ministry’s own internal network, has been taken offline and the government has not publicly blamed anyone for the data breach, nor confirmed claims by some lawmakers who pointed the finger at China. .
“We have indications that this is suspected to be the work of a malign actor and we cannot rule out state involvement,” Grant Shapps, the defense secretary, said in a statement to Parliament. “This incident is further evidence that the UK faces growing and evolving threats,” he said, adding: “I fear the world is becoming a little more dangerous.”
Shapps said an investigation had been launched into the data breach of the system run by SSCL, a contractor that also runs some commercial services for London’s Metropolitan Police. Only a “small number” of addresses had been leaked, he added.
Earlier, British Prime Minister Rishi Sunak refused to speculate on the origin of the attack but told broadcasters that the Ministry of Defense had taken the network offline and was supporting those affected.
Asked specifically whether Chinese hackers were responsible, he said China was a country “with fundamentally different values than ours,” which was “acting in a more authoritarian manner at home and assertive abroad.”
Britain was facing “an axis of authoritarian states including Russia, Iran, North Korea and China” and had taken a “very robust” approach to the government in Beijing, Sunak said.
Security experts point out that China has already actively tried to access large amounts of data, including that of British voters.
In March, Britain accused China of cyberattacks that compromised the voting records of tens of millions of people and said the Chinese had tried unsuccessfully to hack email accounts belonging to several members of Parliament. Deputy Prime Minister Oliver Dowden also announced sanctions against two people and a company linked to a state-affiliated group involved in those attacks.
On Tuesday, Ciaran Martin, former executive director of Britain’s National Cyber Security Center, said that Britain He wants to “be technically sure” and probably incorporate allies, before formally accusing another State or a criminal group. “That takes time, and rightly so. Precision and allies are more important than speed,” he wrote on social media.
Few countries considered that spying on others’ military assets would violate the unwritten rules of international relations, Martin added, describing the data breach as “a serious incident, but on the lower end of serious.”
Several British lawmakers were more explicit in their criticism. Tobias Ellwood, a Conservative lawmaker and former chairman of the House of Commons Defense Select Committee, told Sky News that China was “probably looking at the financially vulnerable with the idea that they could be coerced in exchange for cash.”
In an article on social media, Iain Duncan Smith, a Conservative Party lawmaker, former party leader and critic of the Chinese government, described the payroll database hack as “yet another example of why the UK government must admit that China represents a systemic threat to the United Kingdom”
And he added: “No more pretensions, China is an evil actor, which supports Russia with money and military equipment, which works with Iran and North Korea in a new axis of totalitarian states.”
John Healey, who speaks for the opposition Labor Party on defense issues, said there were “many serious questions for the Defense Secretary about this, especially from Armed Forces personnel whose details were attacked”. Writing on social media he added: “Any hostile action of this kind is absolutely unacceptable.”
When asked about the reports, Lin Jian, a spokesperson for the Chinese Foreign Ministry, was dismissive.
“The comments by the British politicians in question are complete nonsense,” Lin said at a regular news conference in Beijing on Tuesday. “China has always resolutely opposed and fought all forms of cyber attacks, and firmly opposes exploiting cybersecurity issues for political purposes to intentionally smear other countries.”
Chris Buckley contributed reporting from Taipei.