
State involvement in MoD cyber attack cannot be ruled out, Grant Shapps says

Defence Secretary Grant Shapps delivered a Commons statement on the cyber attack targeting service personnel (James Manning/PA)

Grant Shapps has said that “state involvement” in the large-scale cyber attack on the Ministry of Defence (MoD) cannot be ruled out amid speculation China carried out the hack.

The Defence Secretary said there is evidence of “potential failings” of the contractor operating the payroll system that was hacked, “which may have made it easier for the malign actor” to gain access to the bank details of service personnel and veterans.

Labour’s shadow defence secretary John Healey named the contractor as SSCL.

The firm says it provides business process services to 22 government departments and agencies and is responsible for paying 550,000 public servants.

Confirming the contractor was SSCL, Mr Shapps said he had asked for a review of the company’s work across government.

Up to 272,000 service personnel may have been hit by the data breach, Mr Shapps told MPs.

He set out an eight-point plan to support and protect those potentially affected.

The Cabinet minister declined to identify the culprit, telling the Commons: “For reasons of national security, we can’t release further details of the suspected cyber activity behind this incident.

“However, I can confirm to the House that we do have indications that this was the suspected work of a malign actor and we cannot rule out state involvement.”

He also said: “We’ve launched a full investigation, drawing on Cabinet Office support and specialist external expertise to examine the potential failings of the contractor and to minimise the risk of similar incidents in the future.”

Initial investigations have found no evidence that any data has been removed, but affected armed forces personnel have been alerted as a precaution.

The payment network is “an external system completely separate to the MoD’s core network”, Mr Shapps stressed.

The system holds personal data – including names, bank details and some addresses – of regular reserve personnel and some recently retired veterans.

Changes are being made to the system to ensure it is secure before payments are recommenced, the Defence Secretary said.

The senior Tory apologised “to the men and women who are affected by this”, adding “it should not have happened”.

SSCL says on its website that it plays a “central role in delivering the MoD’s vision to transform core payroll, HR and pension services” for 230,000 military personnel and reservists and two million veterans.

The firm, a subsidiary of the Paris-based tech company Sopra Steria, says it processes more than £363 billion in payments each year, 6.77 million transactions and 1.5 million invoices.

The company, which says its “vision is to empower the UK public sector with digital solutions and innovative services”, also processes 1.2 million recruitment applications a year.

Prime Minister Rishi Sunak earlier also declined to say who was behind the cyber attack, but said the UK is taking the powers necessary “to protect ourselves against the risk that China and other countries pose to us”.

Prime Minister Rishi Sunak said there were ‘indications that a malign actor’ had compromised the payroll database (Kin Cheung/PA)

Conservative former leader Sir Iain Duncan Smith said he was “concerned” the Government was not able to point the finger at China.

“I think the Government is a bit conflicted about this,” he told Sky News, claiming the Foreign Office did not want to “upset China”.

“The truth is we know that China is the malign actor they’re referring to.”

A spokesperson for the Chinese embassy said claims Beijing was behind the attack were “completely fabricated and malicious slanders”.

They said: “China has neither the interest nor the need to meddle in the internal affairs of the UK.

“We urge the relevant parties in the UK to stop spreading false information, stop fabricating so-called China threat narratives, and stop their anti-China political farce.”

Labour’s Mr Healey said: “The MoD’s data security record is getting worse while threats against the UK rise – with a three-fold increase in MoD data breaches over the last five years.

“Such flaws in our cybersecurity must be fixed.”

The revelation of the MoD data breach comes after the UK and the US in March accused China of a global campaign of “malicious” cyber attacks in an unprecedented joint operation to reveal Beijing’s espionage.

Britain blamed Beijing for targeting the Electoral Commission watchdog in 2021 and for being behind a campaign of online “reconnaissance” aimed at the email accounts of MPs and peers.

The Metropolitan Police Service (MPS) also uses SSCL as payroll network provider.

The Met said: “There is currently no evidence to suggest that there has been any compromise of the MPS payroll service.”