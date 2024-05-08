



The British government said Tuesday it was investigating the potential failure of SSCL, a private IT contractor, to be linked to a suspected Chinese cyberattack that targeted the records of British soldiers.

The hack of the company, which had multiple government contracts providing business services to other departments, accessed records of up to 272,000 people on the Department of Defense payroll.

The attacks, discovered in recent days, were carried out by malicious actors, Defense Secretary Grant Shapps said. It was not revealed who was behind it, but an official briefed on the incident said China is believed to be the culprit.

“We think there are a lot of questions that private contractors need to answer,” Shapps told lawmakers. If there is negligence… we will take the strongest action.

SSCL holds pay details for most of the UK Armed Forces and a total of 550,000 civil servants through other government contracts, including the Home Office, Ministry of Justice and the Metropolitan Police.

It was established in 2013 as a joint venture between the Cabinet Office and Sopra Steria, a Paris-based digital services company, as part of wider efforts to reform the civil service and save taxpayers money by centralizing government functions.

It claims to have delivered $750 million in cost savings to the public sector over the past 10 years. The Cabinet Office sold a 25% stake in SSCL to Sopra Steria last year. The company did not immediately respond to a request for comment.

According to the SSCL website, SSCL provides business services to 22 government departments and agencies and processes more than $363 billion in payments each year.

Tobias Ellwood, a Tory MP and former defense secretary, said we need to see the resilience of all third-party contractors involved in Whitehall departments being protected to the same standards as the departments themselves.

Shadow defense secretary John Healey said private contractors were a vulnerable part of national security.

Philip Davies, professor of information studies at Brunel University London, described the hack as very worrying. If security compliance is lax in companies close to the Cabinet Office, what company could be located further from the heart of government or its subcontractors and sub-contractors? Contractors and service providers?

Britain has previously accused Chinese hackers of trying to break into the email accounts of lawmakers critical of China, and also blamed them for an attack on the country's election watchdog that compromised the data of millions of citizens.

Chinese Foreign Ministry spokesman Lin Jian said China opposes all forms of cyberattacks and that British politicians' comments that China was responsible for the Pentagon hacking were “absurd.”

The British government believes that anyone who accessed MoD data did not download it. Members of the military were informed of the cyberattack on Tuesday morning.

Fran Heathcote, general secretary of the Public and Commercial Services Union, which represents civil servants, said: We have had no particular issues with SSCL and today we were assured that no details of our members had been leaked.

However, there are concerns that outsourcing this type of work to a private company could make member data more vulnerable, as a third party is delegated to perform the function on behalf of the state, rather than being carried out in-house by trusted staff. .

Additional reporting by Sylvia Pfeifer

