About 270,000 UK forces records exposed to Chinese hackers

An estimated 270,000 payroll records belonging to nearly all members of Britain’s armed forces have been exposed to Chinese hackers in a breach at a third-party contractor that was discovered a few days ago.

The data at risk includes names and bank details for full-time military personnel, part-time reservists, including at least one MP, and veterans who left after January 2018. It was managed by a private contractor, SSCL.

Grant Shapps, the defence secretary, told MPs the hack was the “suspected work of a malign actor and we cannot rule out state involvement”. Official sources were less circumspect and privately pointed the finger at China.

The minister told the Commons that there was not yet a “proven connection” to China, and he would not even mention the country by name, leading to criticism from several MPs for his caution.

John Healey, the shadow defence secretary, contrasted media reports of Chinese involvement with Shapps’s limited declaration, and accused ministers of having “no cross-government China strategy” and “completely inadequate resourcing” in defending against threats from Beijing.

Hackers are believed to have been present in the system for some time, possibly weeks, but there is no immediate evidence that any data was stolen or interfered with. Salary payment has not been affected, but personnel have been offered credit checks so that people can monitor whether bank details are being used without permission.

China denied it was involved and said the idea that it posed a threat to the UK was a gross distortion. A spokesperson for the Chinese embassy in London said: “We urge the relevant parties in the UK to stop spreading false information, stop fabricating so-called China threat narratives, and stop their anti-China political farce.”

Formal attribution of hacker attacks is often difficult, partly because attackers take care to cover their tracks – but it is also the case that diplomatic considerations play a part in when and how to accuse another country. The intelligence agencies GCHQ and the National Cyber Security Centre (NCSC) are understood to be involved in the latest investigation.

The Electoral Commission was hacked by Chinese actors in August 2021, and in March this year ministers held China responsible. The attackers gained access to copies of the electoral registers and broke into the agency’s emails and control systems. Parliamentarians critical of Beijing have also been targeted, the government has said.

Those affected by the latest hack include MPs who are active paid reservists, with the Conservative backbencher Bob Seely, a member of the army reserves, telling the Commons he had received a warning phone call. “It is a little frustrating to be told one’s bank details and national insurance number are winging their way to Beijing or wherever they have gone.”

Others potentially affected include Andrew Murrison, a junior defence minister, who acts as a surgeon commander in the Royal Navy. He has been regularly paid for his work over the past year according to his declaration in the parliamentary register. However, the MoD said it would not comment on individual cases.

The defence secretary also sought to shift the focus to the contractor, SSCL, a subsidiary of the Paris-headquartered Sopra Steria. Shapps said he was concerned about “potential failings” in the company and told MPs he had commissioned “a full review of their work” within MoD. The Cabinet Office had been asked to look at the activity of the company across government, he added.

SSCL was, until October 2023, 25%-owned by the Cabinet Office but was fully privatised at that point. Its parent company did not comment on Tuesday.

Official sources indicated that other high-profile MPs who are military reservists may not be affected because they are not active on duty and are therefore not paid.

They include James Cleverly, the home secretary, who is a reserve forces officer who has declared he “received no payments” since his election, and Tom Tugendhat, the security minister, who is a commissioned officer in the Naval reserve. Spokespeople for the ministers did not respond to requests for comment.

The SAS and other special forces are understood to be paid separately, and so are not affected. Royal veterans William, the Prince of Wales, and his brother Harry left the military before 2018 and do not appear to fall into the affected groups, although they may not have had any payroll records at all.

An announcement had been planned on Tuesday, but details were leaked overnight to the media before personnel were briefed, military sources said. Once the hack was discovered, the system was taken offline.

Alfie Usher, an army veteran who runs Claims Bible, a military compensation specialist, said members of the armed forces should be vigilant.

“The MoD will offer a credit check software so people can keep an eye on new accounts being opened or any fraud alerts, along with individuals taking extra care when using their emails to avoid phishing scams,” he added.
