Grant Shapps apologises to 270,000 armed forces personnel after MoD hack

Sign up for the View from Westminster email for expert analysis straight to your inbox

Get our free View from Westminster email

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

Grant Shapps has apologised to more than a quarter of a million members of the armed forces after the Ministry of Defence was targeted by hackers.

The defence secretary said the breach, which put at risk the bank details of all serving personnel and some veterans, “should not” have happened.

He pointed to “potential failings” by a third party contractor as he confirmed up to 272,000 soliders, sailors and air crew have been affected.

Ministers have launched an investigation into the attack which has left Rishi Sunak under intense pressure to toughen his stance on China.

Former Tory leader Iain Duncan Smith said the hack was another example of why the government must admit that China poses a systemic threat to the UK.

“No more pretence,” he added. “It is a malign actor, supporting Russia with money and military equipment, working with Iran and North Korea in a new axis of totalitarian states.”

Shadow chancellor Rachel Reeves described the hack as “deeply concerning” and said that the government had questions to answer over security.

Hackers attacked a payroll system run by Shared Services Connected Limited (SSCL), meaning a very small number of addresses may also have been accessed.

When it discovered the breach the MoD took the external network, operated by the contractor, offline.

A helpline has been set up and a full review ordered into SSCL’s work within government.

Mr Shapps told MPs ministers were unsure if the data had been stolen, but were acting as if it had in order to provide “absolute security”.

Although he did not name China, he said "state involvement" could not be ruled out.

He told MPs: “For reasons of national security, we can’t release further details of the suspected cyber activity behind this incident. However, I can confirm to the House that we do have indications that this was the suspected work of a malign actor and we cannot rule out state involvement.”

A number of Tory MPs, including Mr Duncan Smith, have warned the government’s current position does not go far enough and want ministers to label China a "threat" to national security, rather than an "epoch-defining challenge".

Fomer minister and Tory MP Tim Loughton told The Independent that “of course” the latest hack showed the UK should designate China a threat.

In the Commons ex-defence minister Mark Francois asked Mr Shapps: “The government seems to have briefed it was China but not had the nerve to confirm it... when, oh when, are we going to stand up to the Chinese?”

Former defence minister Tobias Ellwood told the BBC's Radio 4 Today programme: "Targeting the names of the payroll system and service personnel's bank details, this does point to China because it can be as part of a plan, a strategy to see who might be coerced."

Tory MP Bob Seely said it was "a little frustrating" to hear his information could have been compromised, saying it was a “little frustrating to be told that one's bank details and National Insurance number are winging their way to Beijing”.

Earlier cabinet minister Mel Stride said: "our eyes are wide open when it comes to China".

The Ministry of Defence acted "very swiftly" to take the database off-line, he added.

"We take cybersecurity extremely seriously. Our intelligence services do, our military does as well."

The Government's latest review of foreign and defence policy had cybersecurity "right at the heart of that, exactly these kinds of risks, particularly when it comes to state actors," he said.

Affected personnel have been alerted as a precaution and provided with specialist advice, the govermment said.

The hack is not expected to affect paydays, although there may be a slight delay in the payment of expenses in a small number of cases.

Labour's shadow defence secretary John Healey said the hack, discovered several days ago, raised “many serious questions” for the defence secretary.

In March, in an unprecedented joint operation, the UK and the US accused China of a global campaign of "malicious" cyber-attacks.

Beijing was also blamed for targeting the elections watchdog, the Electoral Commission in 2021, and for a campaign of "reconnaissance" directed at MP emails.