UK armed forces' personal data accessed in hack

Could likely include CFAVs now that we use the MoDs payroll system for VA!

1 Like

It is understood the MoD has taken immediate action and the system has been taken off-line

Defence Gateway does indeed appear to be offline.

Too late to call Beadwindow?

Well that sounds like a payout, might even make up for my Commandant mandated pay cut


I think you mean “remunerative reduction through changes to financial recompense,” not “pay”.

Sky news are reporting that China are behind this attack. BBC still saying they don’t know, but Sky says that the government are gong to accuse China today.

1 Like

It’ll be Kayden, a 15 year old kid from Brixton with 2000 hours in Minecraft.

Realistically you’d expect nation state, there are two that could do it and maybe 4 that might try.


Interesting timing for the release of this news, almost immediately following the release of this potentially embarrassing story…

In private they are saying that … but won’t be publicly naming and shaming

BBC Newsbeat (Radio1) were saying China this morning

Letter just gone out to all SP, and the wider MoD. Not protectively marked, and clearly aimed for public view, so:

This message is related to service personnel only but is being shared widely across Defence for everyone’s information.

We are writing to inform you of a compromise to an Armed Forces payment network. This is an external network, separate to MOD’s core systems, and is not connected to the main military HR system - JPA. This is operated by a contractor. All functions within the JPA system have continued securely throughout.

This incident potentially impacts personal data of current regular and reservist personnel and a small number of veterans. The data includes names and bank details, and for a small proportion of individuals, addresses.

We want to reassure you that we have taken immediate remedial action, taking the network offline to minimise risk. Our initial investigations have found no evidence that any data has been removed from the network, but we will continue to investigate, working closely with other agencies. We have also launched a full review, drawing on specialist external and Cabinet Office support and expertise. We are also investigating potential failings by the contractor.

Specialist advice, guidance, and support is available on, and Defence websites. We have also purchased independent licences from a commercial data protection service. This can be accessed through a personal device of your choice, providing you with constant monitoring of your personal data - notifying you of any irregular activity. Registration codes and a how-to-guide will be provided shortly. As always, and where necessary, there is access to welfare and financial support. Please use your chain of command if required.

Everyone was paid as normal in April, and we are confident that salaries for May will not be affected. You may have however noticed a slight delay in the payments of routine expenses. We are in the process of restoring normal systems, and a solution is in place to ensure we facilitate all outstanding expenses payments which should be paid by the end of the week.

High value payments continue and all outstanding Forces Help To Buy and Terminal Benefits payments have been paid by a BACS transfer. If you have not received expected payments, please get in touch with your HR teams as a priority.

If you notice or have been advised that your details are unexpectedly online, report it immediately to your chain of command. Do not attempt to edit or delete the data or contact the website owner. Do not engage with anyone who claims to be you.

Whilst this will undoubtedly result in increased levels of anxiety – for which we apologise – the support and guidance we have provided will help keep your data protected and you safe. We will do all we can to keep you updated.

Still not clear from this, or the QandA if CFAVs are on this same system, but this confirms it’s not JPA that’s been hit.

1 Like

The fact that there’s a delay to routine expenses would suggest to me that it is the same payment system used to pay CFAVs, and therefore it is likely that CFAV data is included.

I might take the precaution of closing the bank account that I used to have VA & expenses paid into - but I only really used that particular account for this purpose anyhow.

Why? Worst case scenario they attempt to pay money in to that account or sign it up for some random stuff. Should all be protected and just flag it to the bank/CoC if something does happen that’s abnormal?

1 Like

Yeah, they could do that but the money is protected.

1 Like

The Q&A does mention CFAVs. It’s OFFICIAL, so I won’t reproduce it here. Sign in | Defence Connect

I missed that.

A bit silly that this starts with “This message is related to service personnel only” yet it’s also suggesting CFAVs might be caught up in this mess too.

BBC are now saying China suspected

1 Like

Everyone should now have an email from RAFAC Announcements about it.

Links to here