Security Affairs
U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

UK Ministry of Defense disclosed a third-party data breach exposing military personnel data 

The UK Ministry of Defense disclosed a data breach at a third-party payroll system that exposed data of armed forces personnel and veterans. The UK Ministry of Defense disclosed a data breach impacting a third-party payroll system that exposed data of approximately 272,000 armed forces personnel and veterans. The Ministry of Defence revealed that a […]

UK Transport for London

The UK Ministry of Defense disclosed a data breach at a third-party payroll system that exposed data of armed forces personnel and veterans.

The UK Ministry of Defense disclosed a data breach impacting a third-party payroll system that exposed data of approximately 272,000 armed forces personnel and veterans.

The Ministry of Defence revealed that a malign actor gained access to part of the Armed Forces payment network, which is an external system completely separate to MOD’s core network.

Defence Secretary Grant Shapps told House of Commons that the impacted system is not connected to the main military HR system.

The UK Ministry of Defense is reviewing the operations of the impacted contractor and announced that appropriate measures will be taken.

The compromised information includes the personal data of regular and reserve personnel and some recently retired veterans. The malicious actor gained access to names and bank details, and, in a smaller number of cases, addresses of the impacted personnel.

The UK government did not publicly attribute the attack, however, the BBC reported that UK ministers suspected China was responsible

“Grant Shapps told MPs the government had reason to believe the hack “was the suspected work of a malign actor” – and the BBC understands that ministers suspect China was responsible.” states the BBC.

Mr. Shapps publicly criticized the contractor, stating there was “evidence of failings” in the management of the breached system.

“For reasons of national security, we can’t release further details of the suspected cyber activity behind this incident,” Mr. Shapps added.

China denied any involvement in the attack and labeled the accusation as a “fabricated and malicious slander”.

“We urge the relevant parties in the UK to stop spreading false information, stop fabricating so-called China threat narratives, and stop their anti-China political farce,” a spokesman for the Chinese embassy in the UK said.

Labour’s shadow defence secretary John Healey speculated that the external contractor operating the breached system was Shared Services Connected Ltd (SSCL).

SSCL is a joint venture between the British government and a private tech firm, it provides services to the Home Office, Cabinet Office and Ministry of Justice.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, UK Ministry of Defense)