Cybersecurity

U.K. Armed Forces’ Data Stolen by State-Linked Hackers, Lawmakers Say


The personal information of British military personnel has been hacked in a significant new data breach likely to have been orchestrated by a state, senior British politicians said on Tuesday.

The cyberattack, which targeted a third-party payroll system used by Britain’s Ministry of Defense, yielded the names and bank details of some serving members of the armed forces and some veterans, they said, as well as a small number of addresses.

The payroll system, which is not connected to the defense ministry’s own internal network, has been taken offline and the government has not publicly blamed anyone for the data breach, or confirmed British media reports pointing a finger at China.

In March Britain accused China of cyberattacks that compromised the voting records of tens of millions of people, and said that the Chinese had attempted unsuccessfully to hack email accounts belonging to several members of Parliament. The deputy prime minister, Oliver Dowden, also announced sanctions against two individuals and one company linked to a state-affiliated group implicated in those attacks.

On Tuesday Mel Stride, a cabinet minister, acknowledged that the latest data breach was significant, adding that the Ministry of Defense took cybersecurity extremely seriously.

“The M.O.D. has acted very swiftly to take this database offline — it’s a third-party database incidentally, not one run directly by the M.O.D. — and of course they are there to advise and provide support to those who may be concerned about the fact that this data has been breached,” he told Sky News, which first reported the cyberattack on Monday night.

Mr. Stride said that a recent policy review had focused on “exactly these kinds of risks, particularly when it comes to state actors, so we are very alive to that,” though he declined to name who he thought responsible.

Other security experts note that China has been active in trying to access large troves of data before — including from British voters — and on Tuesday several British lawmakers were more explicit in their criticism of Beijing.

Tobias Ellwood, a Conservative lawmaker and former chairman of the House of Commons’ Defense Select Committee, told Sky News that China “was probably looking at the financially vulnerable with a view that they may be coerced in exchange for cash.”

Writing on social media, Iain Duncan Smith, a Conservative Party lawmaker, former party leader and critic of the Chinese government, described the hacking of the payroll database as “yet another example of why the U.K. government must admit that China poses a systemic threat to the U.K.”

He added: “No more pretense, China is a malign actor, supporting Russia with money and military equipment, working with Iran and North Korea in a new axis of totalitarian states.”

In a statement the government said that the defense secretary, Grant Shapps, would address the House of Commons on Tuesday afternoon, “setting out the multipoint plan to support and protect personnel.”

John Healey, who speaks for the opposition Labour Party on defense issues, said there were “so many serious questions for the defense secretary on this, especially from Forces personnel whose details were targeted.” Writing on social media he added: “Any such hostile action is utterly unacceptable.”

Asked about the reports, Lin Jian, a spokesman for the Chinese Ministry of Foreign Affairs, was curtly dismissive.

“The remarks from British politicians concerned are utter nonsense,” Mr. Lin told a regular news briefing in Beijing on Tuesday. “China has always resolutely opposed and fought against all forms of cyberattacks, and firmly opposes exploiting cybersecurity issues for political ends to willfully malign other countries.”

Chris Buckley contributed reporting from Taipei.



Source

Related Articles

Back to top button