Offices across the North and Scotland could be central to yesterday’s hack of the MoD payroll system, which Defence Secretary Grant Shapps has told MPs the government believes “was the suspected work of a malign actor,” adding that “we cannot rule out state involvement.”
The payroll system holds “personal HMRC-style information” for current regular, reservist and former members of the Royal Navy, Army and Royal Air Force over a period of several years. In a very small number of cases, the data may include personal addresses.
Prime Minister Rishi Sunak also said a “malign actor” had compromised the payroll system. Sunak stopped short of naming a suspect, although China was widely reported to be odds-on-favourite across last night’s news bulletins. China has dismissed the claims as “fabricated and malicious slander.”
Sunak and Shapps also both declined to name the contractor responsible for the operations initially, saying only that the government was reviewing the security of an unnamed contractor’s operations.
Speaking in parliament, however, Labour’s shadow defence secretary John Healey named the external contractor in charge of the hacked system as Shared Services Connected Ltd (SSCL), a subsidiary of Paris-based tech company Sopra Steria, which Shapps confirmed saying “He has named the contractor that was involved, I can confirm that’s the correct name, SSCL.”
SSCL operates a number of sites across the North and Scotland, including in Glasgow, Blackpool, Newcastle, York, Leeds and Manchester.
The contact page on SSCL’s website explains: “Our colleagues are based throughout the UK. Our six Centres of Excellence in Glasgow, Blackpool, Newcastle, York, Newport and Gosport provide a national base for our people to deliver business critical support services to our many Government and public sector clients. We also have smaller offices in London, Manchester and Bircham Newton. Our Resourcing Services team manage Recruitment Assessment Centres in Croydon, Kennington and Leeds.”
Shapps has apologised to the servicemen and women affected by the data breach and detailed an eight-point plan which included a specialist support helpline.
Service people affected by the hack will receive further information from the government about the breach and will be told any concerns are more about fraud risks rather than personal safety.
In an email sent to people affected on Tuesday, personnel were told officials were “confident” May salaries will not be affected, but there may be slight delays to payments of routine expenses.
