Defense Secretary Grant Shapps will brief MPs on a cyber attack on a database containing details of armed forces personnel, amid reports that China was behind the attack.
A third-party payroll system was hacked, potentially compromising the banking information of all service personnel and some veterans. A very small number of addresses may also have been accessed.
When the Ministry of Defense (MoD) discovered the breach, it took immediate action and took the external network, operated by a contractor, offline.
Downing Street also said the Government had launched a security review into the contractor’s activities.
But the Prime Minister’s official spokesman refused to comment on speculation about the origins of the attack ahead of Defense Secretary Grant Shapps’ planned statement to the House of Commons on the incident, saying only that the Ministry of Defense “took immediate action” to isolate the relevant network. Provide support to staff affected by the incident.
Mr Shapps is not expected to attribute the attack to any specific state or actor when he addresses MPs on Tuesday afternoon.
Cabinet minister Mel Stride said the Government took cybersecurity “extremely seriously” but also refused to pin the blame on Beijing.
He told Sky News, which first claimed China was behind the attack: “That’s an assumption. We’re not saying that at the moment.”
But Mr Stride said the Government viewed Beijing’s government as “an era-defining challenge” and that “we have our eyes wide open when it comes to China”.
Mr Stride confirmed the attack was on a third-party system rather than the MoD database, but “this is still a very important issue”.
The Department of Defense moved “very quickly” to take the database offline, the official added.
“We take cybersecurity extremely seriously. So do our intelligence services, and so does our military.”
The government’s renewed review of foreign and defense policy said cybersecurity “is at the very heart of this; it’s precisely those kinds of risks, particularly when it comes to state actors”.
It appears that initial investigations did not find any evidence that the data was removed.
However, affected service personnel will be warned as a precaution and expert advice will be provided. They will be able to benefit from personal data protection services to check whether their information is used or attempted to be used.
All salaries were paid on the last payday and no problems are expected with the next salary at the end of this month, although in a small number of cases there may be a slight delay in the payment of expenses.
The Ministry of Defense confirmed that Mr Shapps would “make a planned statement to the House of Commons this afternoon setting out the multi-point plan to support and protect personnel”.
Ministers will blame hostile and malicious actors but will not name the country behind the hacking.
The Department of Defense has been working rapidly to uncover the extent of the attack since it was discovered a few days ago.
Labour’s shadow defense secretary John Healey said: “The Defense Secretary is receiving many serious questions about this, particularly from Forces personnel whose details have been targeted.”
A Chinese embassy spokesman said allegations that Beijing was behind the attack were “completely fabricated and malicious slanders”.
They said: “China has always resolutely combated all forms of cyber attacks in accordance with the law.
“China does not encourage, support or condone cyber attacks. We also oppose the politicization of cybersecurity issues and the false smearing of other countries without real evidence.
“China has always supported the principle of non-interference in each other’s internal affairs. China has neither interest nor need to interfere in Britain’s internal affairs.
“We call on relevant parties in the UK to stop spreading misinformation, stop generating so-called China threat rhetoric, and stop their anti-China political nonsense.”
The statement comes after the UK and US accused China in March of waging a global campaign of “malicious” cyberattacks in an unprecedented joint operation to expose Beijing’s espionage.
Britain has accused Beijing of targeting an Electoral Commission watchdog in 2021 and being behind an online “reconnaissance” campaign targeting the email accounts of MPs and colleagues.
In response to Beijing-linked hacks against the Election Commission and 43 individuals, sanctions were imposed on Wuhan Xiaoruizhi Science and Technology Corporation, a front company, and two individuals linked to the APT31 hacking group.
But some MPs targeted by the Chinese state said the response did not go far enough and called on the Government to toughen its stance on China, labeling it a “threat” to national security rather than an “epoch-defining challenge”.
Former Conservative leader Sir Iain Duncan Smith echoed these calls, telling Sky News: “This is another example of why the UK Government must recognize that China poses a systemic threat to the UK and change the integrated review to reflect this.
“There is no need to argue anymore, he is a malicious actor who supports Russia with money and military equipment and works with Iran and North Korea in a new axis of totalitarian states.”
Former defense secretary Tobias Ellwood told the BBC’s Radio 4 Today programme: “This targeting the names of the payroll system and the bank details of service staff points to China because it may be part of a plan, a strategy, to see who can be put under pressure.” .” .”