UK Ministry of Defense confirms payroll data was exposed in data breach

8 May 2024

1 MIN read


The UK Ministry of Defence (MoD) has confirmed that it recently suffered a security breach, with hackers gaining access to a portion of the Armed Forces payment network. The compromised system, managed by an external contractor, contained personal data of active, reserve, and recently retired military personnel.

Defence Secretary Grant Shapps addressed the House of Commons, stating that the MoD identified the intrusion “in recent days” and promptly isolated the affected system to prevent further spread. The incident did not significantly impact salaries, expense payments, or veterans’ pensions, with all April salaries being paid as scheduled.

Shapps emphasized that the compromised system was separate from the MoD’s core network and had no connection to the main military HR system. The exposed data primarily consisted of names and banking details, with addresses also available in some cases. It is estimated that approximately 270,000 payroll records were exposed.

While the investigation is ongoing, there are indications of potential failings on the contractor’s side that may have enabled the unauthorized access. At present, there is no evidence of data theft, but affected service personnel have been informed of the risk through their chain of command. Veterans potentially impacted by the breach will receive letter notifications.

Shapps confirmed that a malicious actor was behind the attack and stated that foreign state involvement is a possibility at this stage. Although the UK government has not officially attributed the attack, multiple media outlets are reporting that China is believed to be responsible.