MoD hack: IT contractor concealed major hack for months
SSCL was reportedly awarded a contract worth over £500,000 in April, despite the breach occurring weeks earlier
An IT contractor for the UK government concealed a cybersecurity breach for months, which compromised the data of hundreds of thousands of current and former military personnel.
The data breach, orchestrated by a suspected Chinese hacking group, targeted Shared Services Connected Ltd's (SSCL) systems, accessing personal information belonging to nearly 270,000 Ministry of Defence (MoD) personnel.
Whitehall insiders told The Guardian that SSCL had become aware of the breach in February but failed to report it to the government until recently.
Grant Shapps, the defence secretary, confirmed the hack in Parliament last Tuesday, stating that "malign actors" had accessed payroll records including home addresses.
While China is suspected, the government hasn't officially named the country.
In his speech, Shapps outlined an eight-point plan aimed at supporting and protecting those affected by the hack. He did not mince his words in criticising SSCL, citing evidence of potential failings within the contractor's systems that may have paved the way for the malicious intrusion.
Sources said SSCL was awarded a cybersecurity monitoring contract worth over £500,000 in April, despite the breach occurring weeks earlier. Officials are reportedly considering revoking this contract.
The data exposed in the MoD hack represents only a portion of SSCL's government work. Whitehall sources claim the company, an arm of French tech giant Sopra Steria, holds undisclosed cybersecurity contracts for other government departments. These contracts are so sensitive, their details haven't been publicly revealed.
The lack of transparency is causing significant concern. Given SSCL's critical role in government IT functions, a wider system compromise is feared.
SSCL and Sopra Steria hold a combined £1.6 billion in government contracts, including highly sensitive functions like Home Office recruitment, pension administration and broader payment systems.
Shapps assured Parliament that a "full review" of SSCL's work across government is underway. Additionally, specialists are conducting a forensic investigation into the hack's origins.
The government owned a 25% stake in SSCL until last October.
Internal sources said the company was aware of being a target for cyberattacks. Sopra Steria's website has had a public warning about identity theft for at least three years, hinting at past security concerns.
While Shapps stopped short of implicating China directly for the hack, several politicians said the attack bears the hallmarks of Chinese origin.
Former Conservative leader Sir Iain Duncan Smith urged the government to acknowledge China as a systemic threat.
"This is yet another example of why the UK government must admit that China poses a systemic threat to the UK and change the integrated review to reflect that," he told Sky News.
"No more pretence, it is a malign actor, supporting Russia with money and military equipment, working with Iran and North Korea in a new axis of totalitarian states."
The Chinese embassy in London denied any involvement in the hack, dismissing the allegations as fabricated.
"We urge the relevant parties in the UK to stop spreading false information, stop fabricating so-called China threat narratives, and stop their anti-China political farce," a spokesperson said.
In March, the UK government imposed sanctions on Chinese individuals and a technology firm in Wuhan for their involvement in cyberattacks targeting MPs and the Electoral Commission.