The British government said Tuesday it could not rule out state involvement in a mass cyberattack on the personal details of armed forces personnel that some lawmakers blamed on Beijing.
China furiously denied that it was behind the hack on a contractor’s payroll system used by the defence ministry that contained the names, banking details and addresses of tens of thousands of serving and veteran British soldiers.
“We do have indications that this was the suspected work of a malign actor and we cannot rule out state involvement,” Defence Secretary Grant Shapps told parliament.
Prime Minister Rishi Sunak had earlier said there were indications that a “malign actor has compromised the armed forces payment network” but stopped short of naming China.
MP and former minister Tobias Ellwood said it had the hallmarks of a Chinese operation.
“Targeting the names of the payroll system and service personnel’s bank details — this does point to China because it can be as part of a plan, a strategy to see who might be coerced,” the ex-soldier and former chairman of a parliamentary defence committee, told BBC radio.
But during his update to parliamentarians on the data breach, Shapps would not be drawn on whether China was responsible.
“This incident is further proof that the UK is facing rising and evolving threats,” he said.
Shapps said up to 272,000 serving personnel might have been affected, including some recently retired veterans.
He added that initial investigations had found “no evidence that any data has been removed,” and said the government had taken “immediate action” to protect those targeted, including taking the system offline.
“I want to apologise to the men and women who are affected by this. It should not have happened,” he told the House of Commons.
Cabinet minister Mel Stride told Sky News television, which first reported the breach, the government was not currently pointing the finger at Beijing.
“That is an assumption… We are not saying that at this precise moment,” he said.
But he said that the government viewed Beijing’s government as an “epoch-defining challenge. Our eyes are wide open when it comes to China.”
Sunak, speaking on a visit to southeast London, added that the government had set out a “robust policy” towards China, which was becoming increasingly “authoritarian” at home and “more assertive” abroad.
‘Utter nonsense’
Beijing hit back quickly at the claims from Ellwood, a China hawk who has publicly criticised Beijing’s crackdown on rights in Hong Kong.
“The remarks by relevant British politicians are utter nonsense,” foreign ministry spokesman Lin Jian said.
“China has always firmly opposed and cracked down on all types of cyberattacks.”
The UK and the United States in March accused China of a global campaign of “malicious” cyberattacks in an unprecedented joint operation.
Britain accused China of targeting the Electoral Commission watchdog and the email accounts of parliamentarians.
The Electoral Commission attack was identified in October 2022 but the hackers had been able to access the commission’s systems for more than a year.
China called that accusation “malicious slander”.
In June 2023, Google subsidiary Mandiant said online attackers with clear links to China were behind a vast cyberespionage campaign targeting government agencies of interest to Beijing.
Washington has also frequently accused Beijing of cyberattacks against US targets.
Last month two British men, including a former UK parliamentary researcher, appeared in court in London accused of spying for China.
Sunak’s government has come under pressure to take a tougher line on China, and last month announced a hike in the country’s defence budget to guard against new and emerging threats.
On a visit to Poland, Sunak singled out China, alongside Russia, Iran and North Korea, describing them as “an axis of authoritarian states”.