State involvement not ruled out as up to 272,000 personnel hit in data breach

State involvement cannot be ruled out following the cyber attack on a database containing the details of Armed Forces personnel, the Defence Secretary has insisted.

Grant Shapps was speaking to the Commons after it emerged a payroll system run by a contractor had been hacked, with unconfirmed reports suggesting China was to blame.

Up to 272,000 service personnel may have been hit by the data breach, Mr Shapps told MPs

• Working in military cyber lets you 'do things that anywhere else would get you locked up'
• MOD reveals more than 350 of its devices lost or stolen in last year
• UK's 'limited' Indo-Pacific presence criticised amid fears conflict not far away

The cyber attack potentially compromised the bank details of regular and reserve personnel as well as some veterans - with a small number of addresses also potentially being accessed.

The Defence Secretary said there was evidence of "potential failings" of the contractor operating the payroll system that was hacked, which may have made it easier for the "malign actor" to gain access to the bank details of service personnel and veterans.

He set out an eight-point plan to support and protect those potentially affected.

Mr Shapps declined to identify the culprit, telling the Commons: "For reasons of national security, we can't release further details of the suspected cyber activity behind this incident.

"However, I can confirm to the House that we do have indications that this was the suspected work of a malign actor and we cannot rule out state involvement."

Prime Minister Rishi Sunak also declined to identify who was behind the attack.

But after being pressed on his stance on China, Mr Sunak said he had set out a robust policy towards Beijing, taking the powers necessary "to protect ourselves against the risk that China and other countries pose to us".

He added that Britain was facing an "axis of authoritarian states, including Russia, Iran, North Korea and China" that posed a risk to the UK's values and interests.

The Ministry of Defence suspended the hacked payroll service and alerted all those who might have been affected.

It sent out a letter, penned by the MOD's Permanent Secretary, David Williams, and General Gwyn Jenkins, the Vice Chief of the Defence Staff, updating personnel on the cyber attack.

It said there was no evidence to show the personal data was now in the public domain, although the letter did say if there was any change to this, personnel would be immediately informed via their chain of command.

Mr Williams and Gen Jenkins said while the attack would "undoubtedly result in increased levels of anxiety - for which we apologise - the support and guidance… provided will help keep your data protected and you safe".

After finding out about the leak, the MOD took the external network, which was operated by a private contractor, offline.

It is understood that initial investigations have found no evidence that data had been removed.

Work & Pensions Secretary Mel Stride earlier told Sky News the Government was not yet blaming China for the attack.

He told the news network, which had claimed China was behind the cyber attack, that that was just an "assumption".

"We are not saying that at this precise moment," he insisted.

But Mr Stride said the Government viewed Beijing as an "epoch-defining challenge", adding: "Our eyes are wide open when it comes to China".

He confirmed the attack was on a third-party system rather than a MOD database, but "nonetheless that's still a very significant matter".

The MOD acted very swiftly to take the database offline, he added.

"We take cybersecurity extremely seriously. Our intelligence services do, our military does as well," he said.

Personnel will also be able to use a personal data protection service to check whether their information is being used or an attempt is being made to use it.

All salaries were paid at the last payday, with no issues expected at the next one at the end of this month, although there may be a slight delay in the payment of expenses in a small number of cases.

Shadow Defence Secretary John Healey said: "So many serious questions for the Defence Secretary on this, especially from Forces personnel whose details were targeted."

Former defence minister Tobias Ellwood told the BBC's Radio 4 Today programme: "Targeting the names of the payroll system and service personnel's bank details, this does point to China because it can be as part of a plan, a strategy to see who might be coerced."