State involvement in MOD cyber attack ‘cannot be ruled out’
Grant Shapps has said that state involvement in the large-scale cyber attack on the Ministry of Defence (MOD) cannot be ruled out amid speculation China carried out the hack.
The Defence Secretary said there is evidence of "potential failings” of the contractor operating the payroll system that was hacked, “which mayhavemadeiteasierforthe malignactor”togainaccessto thebankdetailsofservicepersonnel and veterans.
Labour’s shadow defence secretary John Healey named the contractor as SSCL.
The firm says it provides business process services to 22 government departments and agencies and is responsible for paying 550,000 public servants.
Confirming the contractor was SSCL, Mr Shapps said he had asked for a review of the company’s work across government. Up to 272,000 service personnel may have been hit by the data breach, Mr Shapps told MPS.
He set out an eight-point plan to support and protect those potentially affected.
The Cabinet minister declinedtoidentifytheculprit, tellingthecommons:“forreasons of national security, we can’t release further details of the suspected cyber activity behind this incident.
“However, I can confirm to the House that we do have indications that this was the suspected work of a malign actor and we cannot rule out state involvement.”
Initial investigations have found no evidence that any data has been removed, but affected armed forces personnel have been alerted as a precaution.
The payment network is “an external system completely separate to the Mod's core network”,mrshappsstressed.
The system holds personal data – including names, bank details and some addresses – of regular reserve personnel and some recently retired veterans.
Prime Minister Rishi Sunak earlier also declined to say who was behind the cyber attack, but said the UK is taking the powers necessary “to protect ourselves against the risk that China and other countries pose to us”.
A spokesperson for the Chinese embassy said claims Beijing was behind the attack were “completely fabricated and malicious slanders”.