UK Defence Secretary shares MOD cyber attack details

New details have emerged regarding the attack on the UK Ministry of Defence overnight, as affected personnel are notified of the incident.

Daniel Croft
Wed, 08 May 2024

UK Defence Secretary Grant Shapps provided a statement to the UK House of Commons on Tuesday, 7 May, BST, confirming that the attack resulted in the banking information of some active, reserve and veteran defence personnel being exposed.

“The contractor-operated system in question held the personal data of regular and reserve personnel and some recently retired veterans,” said Shapps.

“This includes names and bank details, and, in a smaller number of cases, addresses.”


Shapps also reiterated that the system accessed was external and operated by a contractor, “completely separate to the MOD’s core network, and it is not connected to the main military HR system”.

An investigation into the breach has begun, with findings so far pointing to “evidence of potential failings” on the part of the contractor that may have made it easier for the threat actors to gain access.

Despite this, there is currently no evidence to suggest that any data was exfiltrated.

While Shapps said that they were unable to release specific details of the breach due to national security concerns, he did say that the attack was likely conducted by a threat actor.

“Mr Speaker, for reasons of national security, we cannot release further details of the suspected cyber activity behind this incident,” he said.

“However, I can confirm to the House that we do have indications that this was the suspected work of a malign actor, and we cannot rule out state involvement.

“This incident is further proof that the UK is facing rising and evolving threats.”

In response to the breach, the MOD said it has launched an eight-point plan that sets out the actions it took upon discovering the breach and how it will assist the affected individuals.

“Firstly, we immediately took the system offline. This has secured it against further similar threats,” wrote Shapps.

“Secondly, we have launched a full investigation, drawing on Cabinet Office support and specialist external expertise to examine potential failings by the contractor and to minimise the risk of similar incidents in the future.

“Three – whilst our initial investigations have found no evidence that any data has been removed, as a precaution, we have today alerted those service personnel affected through the chain of command,” said Shapps, adding that they are sending letters to a small number of veterans who may have been affected and have retired.

“Four – specialist advice and guidance on data security has been shared and will be available on gov.uk.

“Fifth, we have additionally set up a helpline to support individuals. This helpline is available now, and the number is 01249 596665.”

For the sixth step, Shapps said that the MOD is providing its affected serving personnel with a “commercial personal data protection service”, which will monitor the personal data of affected individuals and notify them of any abnormal activity.

“Seven – welfare and financial advice is available where needed through each individual’s chains of command,” Shapps said.

“And eight, on becoming aware of this incident, MOD stopped the processing of all payments and isolated the system.”

Additionally, despite the attack being on an external network, the MOD is currently reviewing all of its own systems to prevent this from happening in the future.

“This was the work of a malign actor who compromised a contractor-run network, entirely separate from the MOD core system,” Shapps said.

“However, as I’ve said, we cannot, at this stage, rule out state involvement from elsewhere.

“This eight-point plan outlines the immediate and significant action we have taken to protect our most precious resource, our people.

“And, even though this has occurred on a contractor system, with a malign actor involved – and we can’t rule out that foreign state involvement – I want to apologise to the men and women affected by this.

“It should not have happened, and this eight-point plan seeks to ensure it is put right and that it cannot happen again.”

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
