UK probes ‘potential failures’ at military contractor over suspected Chinese hacking

Unlock Editor’s Digest for free

Roula Khalaf, FT Editor, picks her favorite stories in this weekly newsletter.

The British government said on Tuesday it was investigating “potential failings” at SSCL, the private IT contractor that was breached in a suspected Chinese cyberattack targeting military personnel records. Older brother.

The hack of the company, which has many government contracts providing business services to other departments, accessed the records of up to 272,000 people on the Internet. Defense Ministerpayroll of.

Defense Secretary Grant Shapps said the attack was discovered in recent days to have been carried out by a “malicious actor”. He did not confirm who was behind the incident, but a person briefed on the incident said Beijing was believed to be the culprit.

Shapps told MPs: “We think the private contractor has many questions to answer. “If it is true, there was negligence. . . We will take the strongest action,” he added.

SSCL holds payroll details for most of the British armed forces and a total of 550,000 civil servants through other government contracts, including with the Home Office, Ministry of Justice and Metropolitan Police.

It was established in 2013 as a joint venture between the Cabinet Office and Sopra Steria, a digital services company based in Paris, as part of a broader government effort to reform civil service and save taxpayers money by centralizing functions.

It claims to have saved the public sector £750m over the past decade. The Cabinet Office sold its 25% stake in SSCL to Sopra Steria last year. The company did not immediately respond to a request for comment.

According to SSCL’s website, SSCL provides business services to 22 government departments and agencies and processes more than £363 billion in payments each year. According to official data, it has been awarded more than 207,000 government contracts.

Tobias Ellwood, a Conservative MP and former defense secretary, said: “We need to see the resilience of all third-party contractors engaged with Whitehall departments protected under the standards are the same as the ministries themselves.”

John Healey, the opposition Defense Secretary, said private contractors were “the soft bedrock of national security”.

Philip Davies, a professor of intelligence studies at Brunel University in London, described the hack as “very alarming because if a company close to the Cabinet Office had lax security compliance then companies would be exposed.” out from the center of government – ​​or their subcontractors, subcontractors.” subcontractors and service providers?”

The UK has previously accused Chinese hackers of trying to break into the email accounts of MPs critical of Beijing and also blamed them for the attack on the country’s election watchdog, causing damaging the data of millions of people.

Chinese Foreign Ministry spokesman Lin Jian said Beijing opposes all forms of cyberattacks and said any comments by British politicians claiming China was responsible for the Ministry of Defense hack is absurd”.

The UK government believes that anyone accessing MoD data did not download it. Members of the armed forces were informed of the cyber attack on Tuesday morning.

Fran Heathcote, general secretary of the Public and Commercial Services union which represents civil servants, said: “We have not had any specific problems with SSCL and today we have been assured that details of the Our members are leak-free.

“However, we are concerned that hiring private companies to carry out this type of work will leave our members’ data more vulnerable because it involves a third party being entrusted performing a function on behalf of the state, rather than being performed internally by the government.” Trusted staff.”

Additional reporting by Sylvia Pfeifer