UK MOD Pay & Pensions Data Breach

Old 6th May 2024, 22:52
  #1 (permalink)  
Thread Starter
 
Join Date: Sep 2010
Location: Nevada, USA
Posts: 1,618
Received 45 Likes on 32 Posts
UK MOD Pay & Pensions Data Breach

May include bank details and addresses

https://www.bbc.com/news/uk-68966497
RAFEngO74to09 is offline  
Old 6th May 2024, 22:54
  #2 (permalink)  
Thread Starter
 
Join Date: Sep 2010
Location: Nevada, USA
Posts: 1,618
Received 45 Likes on 32 Posts
On Sky News

"The cyberattack was on a payroll system with current service personnel and some veterans. It is largely names and bank details that have been exposed."

https://news.sky.com/story/china-hac...earns-13130757
RAFEngO74to09 is offline  
Old 6th May 2024, 23:08
  #3 (permalink)  
 
Join Date: Jan 2008
Location: Glorious Devon
Posts: 2,720
Received 1,067 Likes on 645 Posts
Not sure how much it will help, but now might be a good time to ensure you have 2 factor authentication on your accounts.

I might add, in the pre JPA days, we always had an air gap between the database and the internet.
Ninthace is online now  
Old 7th May 2024, 08:30
  #4 (permalink)  
 
Join Date: Apr 2005
Location: UK
Posts: 2,166
Received 48 Likes on 24 Posts
It seems like "the very limited" data on personal addresses reassurance given by the MoD = all the JPA payroll addresses. The distinction being that the majority of payroll addresses are to the unit address where you serve. Not that that is particularly reassuring either if you happen to be working somewhere where that in itself will attract more than a trivial amount of concern. Of course, many of us have had, for many differing reasons, their pay statements sent to a personal address (yep, that includes me) at various points in their career.

What isn't clear is if more than just the current or last address has been compromised. That could leave someone who had statements sent to a sensitive unit address and a previous or subsequent personal address in a bit of a pickle. Some may find themselves having to move their family home...

Finally, isn't NoK data also held with your individual record on JPA?
Just This Once... is offline  
Old 7th May 2024, 11:00
  #5 (permalink)  
 
Join Date: Feb 2003
Location: uk
Posts: 3,226
Received 172 Likes on 65 Posts
While appalling, it seems MoD has been reasonably quick and open. (I hope).

Unlike the February 2010 'data theft' of 'names, addresses, dates of birth, and National Insurance numbers of past and present members of the Civil Service Sports Association' - which the majority of civil servants belong(ed) to. This was only notified to members on 23 November 2012. The sound of pennies dropping could be heard across the country, but no mention of it was made.
tucumseh is offline  
Old 7th May 2024, 11:03
  #6 (permalink)  
 
Join Date: Oct 2010
Location: S W France
Age: 80
Posts: 262
Received 2 Likes on 1 Post
From #1:
According to the BBC this affects "both current and some past Armed Forces members" and "it is understood that the MOD has taken immediate action and the system has been taken off line".
Possible delay to Pay and Pension payments ?
Tengah Type is offline  
Old 7th May 2024, 11:33
  #7 (permalink)  
 
Join Date: Jun 2008
Location: London
Age: 67
Posts: 498
Likes: 0
Received 36 Likes on 13 Posts
Possible delay to Pay and Pension payments ?
MOD is briefing uniformed staff that pay and pensions for May are expected to be paid as normal. There may be some slight delay to some JPA expense payments but that should be cleared by the end of the week. Apparently the breach does not involve JPA, so you will not be having NOK addresses or OJAR extracts leaked online.
Fortissimo is offline  
Old 7th May 2024, 11:57
  #8 (permalink)  
 
Join Date: Dec 2020
Location: England
Posts: 551
Received 255 Likes on 134 Posts
Originally Posted by Ninthace
Not sure how much it will help, but now might be a good time to ensure you have 2 factor authentication on your accounts.

I might add, in the pre JPA days, we always had an air gap between the database and the internet.
If you have an `air gap` between the database and the internet how do you access the data from the internet?
Air gapped networks are networks that have no access to a particular thing, hence the gap?
DogTailRed2 is offline  
Old 7th May 2024, 12:25
  #9 (permalink)  
ICM
 
Join Date: May 2008
Location: Bishops Stortford, UK
Age: 82
Posts: 471
Received 4 Likes on 4 Posts
Originally Posted by DogTailRed2
If you have an `air gap` between the database and the internet how do you access the data from the internet?
Air gapped networks are networks that have no access to a particular thing, hence the gap?
Thinking back to around the turn of the century, I don't recall the computer on my Main Building desk having links to any system outside of MOD. I imagine things today are very different.
ICM is offline  
Old 7th May 2024, 15:28
  #10 (permalink)  
 
Join Date: Apr 2005
Location: UK
Posts: 2,166
Received 48 Likes on 24 Posts
Originally Posted by Fortissimo
Apparently the breach does not involve JPA...
Quote from EDS blurb, the providers of the system:
Administers more than 340,000 live pay records.
Maintains over 570,000 master personnel records.
Maintains more than 725,000 pension records.
Accounts for £5.7 billion in military pay and allowances.
Provides IT services and supports over 8,000 desktop PCs worldwide.
What other live pay record system is involved if it isn't JPA?

Just This Once... is offline  
Old 7th May 2024, 15:39
  #11 (permalink)  
 
Join Date: May 2005
Location: home for good
Posts: 495
Received 1 Like on 1 Post
Originally Posted by Just This Once...
Quote from EDS blurb, the providers of the system:


What other live pay record system is involved if it isn't JPA?
There will be a third-party contracted payroll processing company. They usually receive a 'payroll' record (large data file in one of many formats) and use that to integrate with banking systems to drop the money into the correct accounts. While the payroll record should be encrypted for transfer, how it is protected while on the third-party processing servers is up to them... It is up to the contracting organisation (MoD) to ensure and assure that the necessary levels of protection are in place. Obviously not in this case....
Sandy Parts is offline  
Old 7th May 2024, 15:42
  #12 (permalink)  
 
Join Date: Jan 2008
Location: Glorious Devon
Posts: 2,720
Received 1,067 Likes on 645 Posts
Originally Posted by DogTailRed2
If you have an `air gap` between the database and the internet how do you access the data from the internet?
Air gapped networks are networks that have no access to a particular thing, hence the gap?
You didn't!
If an individual needed access to the internet, there were dedicated machines for that purpose which were not on the network. The machines had blanked off disk ports and no means of using a USB key either.
For deployed ops, we were still able to share personnel data via data links so it could be read or updated remotely, but the data remained at "our end" so even if the laptop at the deployed location went walkabout, all they had was a laptop - we still had the data.
Ninthace is online now  
Old 7th May 2024, 19:12
  #13 (permalink)  
Thread Starter
 
Join Date: Sep 2010
Location: Nevada, USA
Posts: 1,618
Received 45 Likes on 32 Posts
House of Commons Statement

Defence Secretary Oral Statement to provide a Defence Personnel Update - 07 May 2024 - GOV.UK (www.gov.uk)
RAFEngO74to09 is offline  
Old 7th May 2024, 21:15
  #14 (permalink)  
 
Join Date: Aug 2003
Location: A far distant land
Posts: 99
Received 34 Likes on 6 Posts
Back in about 2009 I was visited in MOD by a vetting officer out of synch with any planned or expected vetting refresh. He said he had quite a few people to visit that day so he would be brief: A hard disk used at Innsworth for vetting casework had gone missing but they didn’t ‘think’ it had been stolen, merely that it was unaccounted for...
Big Unit Specialist is offline  
Old 8th May 2024, 01:27
  #15 (permalink)  
 
Join Date: Dec 2006
Location: Whanganui, NZ
Posts: 280
Received 5 Likes on 4 Posts
Depending on what is in "Payroll information", this could be a more serious security risk than seems apparent.
If the information includes a breakdown of the payroll factors such as allowances paid, then it may be possible to make significant estimations of capability. For example, if it's possible to determine how many people at a particular location are receiving flying pay, you can make a good estimate on the maximum number of aircraft that can be crewed. If there was, hypothetically, an allowance being paid for Qualified Nuclear Reactor Operator, then again it would be easy to work out how many boats the RN could surge.
kiwi grey is offline  
Old 15th May 2024, 17:27
  #16 (permalink)  
 
Join Date: Dec 2022
Location: Carterton
Posts: 27
Received 10 Likes on 7 Posts
Second letter

Today I received a second letter. It was addressed to Mr A, and internally on their paper has no name and address. Paragraph 3 is more direct than the generic letter from a few days ago.
Has any other person, serving or veteran, had the second letter?
Atlasisrubbish is offline  
Old 15th May 2024, 17:36
  #17 (permalink)  
 
Join Date: May 2006
Location: Around
Posts: 1,210
Received 118 Likes on 54 Posts
I received a letter today, the first one I have received.
downsizer is offline  
Old 15th May 2024, 17:54
  #18 (permalink)  
 
Join Date: Dec 2022
Location: Carterton
Posts: 27
Received 10 Likes on 7 Posts
Are you still serving?
Atlasisrubbish is offline  
Old 15th May 2024, 21:05
  #19 (permalink)  
 
Join Date: Jan 2000
Location: Bar to Bar
Posts: 799
Received 10 Likes on 3 Posts
Me today too, recently retired from a Reserve contract, already drawing AFPS75, now topped up with a small AFPS15 addition.
Sloppy Link is offline  
Old 16th May 2024, 07:53
  #20 (permalink)  
 
Join Date: May 2006
Location: Around
Posts: 1,210
Received 118 Likes on 54 Posts
Originally Posted by Atlasisrubbish
Are you still serving?
No, been out a year mate.
downsizer is offline  
