MoD cyberattack: Three-week hacking operation ‘by China’ exposed details of 270,000 armed forces personnel

Sign up for the View from Westminster email for expert analysis straight to your inbox

Get our free View from Westminster email

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

A hacking attack on the British military by China was massive in scale, with 270,000 serving personnel, as well as reservists and veterans, from all three services affected.

The Special Forces have not been caught up in the breach, as they use a different, more secure system, but it remains unclear whether members of the Intelligence Corps, part of the army, are among those whose personal details may have been taken.

It is believed the hacking operation has been going on around three weeks, but was discovered last week after investigators started tracking “a pattern of unusual activity”.

The missing information includes identities and bank details and in a few thousand cases, addresses and national insurance numbers. There is no evidence, at present, that the data had been exploited, but service personnel will be offered advice on monitoring their accounts.

The defence secretary, Grant Shapps, was due to brief the Commons on Tuesday afternoon on what has happened. He was not expected to blame the Chinese state as being culpable.

“There are indications that a malign actor has compromised the armed forces payment network,” Prime Minister Rishi Sunak told reporters during a visit to a football academy in London on Tuesday.

“I do want to reassure people that the Ministry of Defence has already taken the action of removing the network offline and making sure that people affected are supported in the right way,” he added.

The trail so far goes back to hacking groups. And although they have acted on behalf of the Beijing regime, security officials point out that it could take months to establish a direct link.

Tobias Ellwood, the Conservative MP and former soldier, told Sky News, that China “was probably looking at the financially vulnerable with a view that they may be coerced in exchange for cash”.

Labour’s shadow defence secretary, John Healey, said there are “so many serious questions for the defence secretary on this, especially from forces personnel whose details were targeted… Any such hostile action is utterly unacceptable.”

Sir Iain Duncan Smith, the former Conservative leader, who has been sanctioned by China, said: “This is yet another example of why the UK government must admit that China poses a systemic threat to the UK and change the integrated review to reflect that. No more pretence, it is a malign actor, supporting Russia with money and military equipment, working with Iran and North Korea in a new axis of totalitarian states.”

A spokesperson for the Chinese embassy in London said: “China has always upheld the principle of non-interference in each other’s internal affairs. China has neither the interest nor the need to meddle in the internal affairs of the UK. We urge the relevant parties in the UK to stop spreading false information, stop fabricating so-called China threat narratives, and stop their anti-China political farce.”

The defence breach came just weeks after ministers accused Beijing of being behind an attack on the UK’s voting registers, which gave China access to the names and addresses of millions of people.

Mr Sunak subsequently called China “the greatest state-based challenge to our national security” and an “epoch-defining challenge”.

Last year, the government published an updated version of its long-term defence strategy which said the use of “commercial spyware, ransomware and offensive cyber capabilities by state and non-state actors has proliferated”.

In December 2023, the National Cyber Security Agency said that Russia was responsible for “malicious cyber activity attempting to interfere in UK politics and democratic processes”.

Public institutions and private firms have also been targeted by hackers demanding ransoms.