Ministerial Statement on Defence Personnel Data Breach (1)

Sir John Redwood (Wokingham) (Con):

Is there any indication of how the thief wanted to use the data, if they have actually got it? Have all the staff been advised to change accounts, passwords and internet access in every way, so that no further harm can occur?

Grant Shapps (Secretary of State for Defence):

In answer to the first point, no, there is no indication. On the second point, our regular approachā€”I speak as someone with an MOD accountā€”is that passwords have to be changed regularly in order to continue to use the system, so those security measures are in place. People do not need to change their bank accounts as a result of this incident. Apart from anything else, using someoneā€™s bank details to make a payment somewhere else would be technically difficult, as a new account would need two-factor authentication, so it is not necessary for people to change their accounts. The monitoring service will provide an overlay of additional reassurance to them.

13 Comments

  1. Bloke
    May 11, 2024

    Just knowing the names and pay levels would be enough for an enemy to identify who does what.

    1. Everhopeful
      May 11, 2024

      I just love JRā€™s question (ā€œThe thiefā€ lol) and the eager beaver style reply.
      Much entrails consulting had been going on and, after all, every self respecting NZ country MUST have its share of much predicted ā€œ cyber attacksā€.

      1. Bloke
        May 11, 2024

        ā€˜Attackā€™ is probably not overstated, yet the purpose seems unlikely to be linked with extracting money from personal bank accounts. There are easier ways to perform monetary fraud without the risk of triggering such intense reaction from a government. The intent was probably mainly to probe and find out matters which our government needs to keep secret, or demonstrate how simple it is to bypass confidential precautions.

  2. iain gill
    May 11, 2024

    DELL sent an email to all their customers this week, telling them that the customers data had been stolen, as part of a hack of the DELL customer database.

    Easy way to get a VIP’s home address etc.

    Not to mention the home addresses of key people in our society, like the 200 fast jet pilots we have on which the whole defence of the realm depends. 200 that’s all we have, such a small number. And so on.

  3. Lifelogic
    May 11, 2024

    Protecting data is very hard you have corrupted staff, software bugs, maintenance engineersā€¦ all sorts of weaknesses and you can store masses of data on a tiny chip or download masses in a few seconds.

    Meanwhile I read that ā€œPlanet Earth is getting rocked by the biggest solar storm in decades.ā€ giving us spectacular Northern Lights even in Cornwall it seems. I assume the climate ā€œexpertsā€ predicted this solar activity and had it figured in with their brilliant computer models? Just as they have all the volcanic eruptions in the models?

    Or are these people just bent crystal ball soothsayers? Can they perhaps predict net monthā€™s or next years climate remotely accurately?

    1. Everhopeful
      May 11, 2024

      +++
      Tut! Tut LL!
      Keep up!
      They use bunches of seaweed ā€¦placed scientifically outside the back door.

      1. Lifelogic
        May 11, 2024

        I know and I am not a ā€œclimate scientistā€ merely a maths/physicist/electronics person so what right do I have to comment?

        They actually seem to use thermometers in heavily build up areas like say Heathrow & then compare the average temperature now with when it merely a grass strip runway.

        1. Everhopeful
          May 11, 2024

          +++
          Strategically placed no doubt?
          Good job ppl like you do comment!

    2. Iain gill
      May 11, 2024

      Security is a spectrum, poor security is cheap, great security is expensive. Few organisations are prepared to pay for the best most expensive security. Getting the balance correct is the skill.
      The MOD is useless at security, lots of petty bureaucracy, lots of retired military helicopter pilots in security roles who have no idea of the basics of computer science, lots of money spent, pretty rubbish security in practice.
      Their HR systems are botched versions of oracle HR systems but so heavily customised they may as well be bespoke. They are supposed to be replacing them but they are incapable of procuring anything decent.

  4. Aaron
    May 11, 2024

    Hearing ministers talk about a subject I understand well gives me a concern they are equally ignorant on subjects I know little about, like the economy, foreign policy, food and energy security.

    The secretary gives every indication that loosing this data is not a problem.
    Identity theft is a very big problem. One hypothetical scenario would be if the military were deployed, the opposite forces could use the data to conduct fraud on service personnel, the MoD and their families. So while troops are deployed, their families are having houses repossessed, chased for repayments for fraudulent loans, bank accounts closed due to perceived illegal activity and other issues, sapping the will and moral of the nation.

    How hypothetical is this? Google ā€˜cost of identity theft 2024ā€™ to find out.

    ā€˜There is no indication what the thieves wanted to do with the dataā€™ is a terrifyingly stupid, ignorant answer. Identity theft is used for financial fraud. The actual answer is all those impacted are going to have a lifetime of fraud attempts on their financial provisions, fake loans taken out in their names, fraud alerts blocking legitimate transactions, fraudulent transactions in their bank accounts, loans and mortgages refused because of bad credit records due to ongoing fraud etc etc.
    One year of ā€˜freeā€™ credit monitoring for those impacted is a joke. It should be a lifetime, and the company that lost the data should pay for it.

  5. Everhopeful
    May 11, 2024

    Oh how much easier and safer it is when machines do all the work!
    Mind you..I suppose eventually there will be no need for payrolls as such.
    No workers!

  6. Margaret
    May 11, 2024

    It’s the people , not the technology.Everwhere is filling up with those who have a different set of morals and sensitivities. It saddens me that free speech has turned to power kicks and nastiness.I. Have just come back from the supermarket and the general conversations were about slagging others off and pushing and shoving.These are the ones who don’t look in the mirror for their own faults , lie and cheat and access technology.

  7. glen cullen
    May 11, 2024

    In other news
    Today the BBC reporting ā€˜breaking newsā€™ that itā€™s the hottest day so far this year ā€¦.Iā€™m expecting further ā€˜breaking newsā€™ tomorrow as it gets hotter towards mid-summer ā€¦donā€™t we have a media select committee, couldnā€™t someone ask why this is breaking news

Comments are closed.