China blamed for Ministry of Defence attack that exposed military personnel data

British Army soldier from the Anglian Regiment poses for a press photo as part of a Ministry of Defence (MoD) campaign during a military exercise on Salisbury Plains on July 23, 2020 near Warminster, England
(Image credit: Getty Images)

A Ministry of Defence (MoD) data breach that exposed personal data belonging to UK military personnel has been attributed to a compromised third-party payroll system.

The data, relating to an unknown number of people, is believed to include the names and bank details of both current and past members of the Royal Navy, British Army, and Royal Air Force as well as a small number of addresses. The database is not linked to the MoD's own systems.

Defence secretary Grant Schapps is expected to make an official statement this afternoon, promising a full investigation. However, it is understood that the MoD has already taken the system offline and is notifying all those who may have been affected.

"So many serious questions for the defense secretary on this, especially from Forces personnel whose details were targeted," said shadow defense secretary John Healey. "Any such hostile action is utterly unacceptable."

There's currently no hint as to who may have carried out the attack, although it's believed that it was probably carried out by a hostile nation state, with the finger pointed firmly at China.

Speaking to Radio 4's Today programme this morning, conservative MP Tobias Ellwood said the incident “does point to China” and suggests that state-backed hackers could be trying to coerce or manipulate service personnel.

Earlier this year, the National Cyber Security Centre (NCSC) warned that the China state-affiliated hacking group APT31 targeted parliamentarians’ emails in 2021.

The compromise of computer systems at the UK Electoral Commission between 2021 and 2022 was also attributed to a China state-affiliated group.

Ministry of Defence breach highlights surging threats

Martin Greenfield, CEO of cyber security consultancy, Quod Orbis, said the incident underlines the heightened state-backed cyber threats faced by organizations across the UK.

"This data breach affecting the personal information of the UK military personnel is the latest in a slew of attacks that further demonstrates the growing threat of cyber attacks targeting nationally sensitive data," he said.

"In this context, the breach of personal information could lead to further targeted attacks, both in the digital and physical realm. When we consider the ongoing tensions in Ukraine and Israel, such attacks pose a wider risk to MoD operations in the area."

The government has been criticized for not doing enough to fight Chinese-sponsored hacking, most notably by MPs who were targeted by an online reconnaissance campaign during 2021. Many are calling for greater government efforts to counter the threat.


"Protecting our digital landscape is just as critical as safeguarding the physical realm and this latest data breach highlights yet again the importance for increased investment in defense and security measures," said Jake Moore, global cyber security advisor at security firm ESET.

"Cyber security standards are vital in government organizations but they don’t always operate in the way they are designed. A framework is often laid out as a gold standard, but in reality corners are cut."

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.