A senior British lawmaker said on Tuesday China was probably behind a massive cyberattack on the names and banking details of UK armed forces personnel, prompting a furious denial by Beijing.
MP and former minister Tobias Ellwood said a third-party payroll system used by the defence ministry was targeted, adding that it had the hallmarks of a Chinese operation.
“Targeting the names of the payroll system and service personnel’s bank details — this does point to China because it can be as part of a plan, a strategy to see who might be coerced,”, the ex-soldier and former chairman of a parliamentary defence committee, told BBC radio.
Defence Secretary Grant Shapps was due to give details of the data breach to parliament later on Tuesday.
Shapps’s cabinet colleague Mel Stride confirmed there had been an attack on a system run by an outside firm but did not elaborate.
The leak is believed to have also included a small number of personal addresses of serving and former armed forces members.
Stride told Sky News television, which first reported the breach, that the defence ministry had acted “very swiftly” to take the database off line.
But the government was not currently pointing the finger at Beijing, he said.
“That is an assumption… We are not saying that at this precise moment,” he added.
But he added that the government viewed Beijing’s government as an “epoch-defining challenge”.
“Our eyes are wide open when it comes to China,” Stride said.
– ‘Utter nonsense’ –
Beijing hit back at the claims from Ellwood, a China hawk who has publicly criticised Beijing’s crackdown on rights in Hong Kong.
“The remarks by relevant British politicians are utter nonsense,” foreign ministry spokesman Lin Jian said.
“China has always firmly opposed and cracked down on all types of cyberattacks.”
The UK and the United States in March accused China of a global campaign of “malicious” cyberattacks in an unprecedented joint operation.
Britain accused China of targeting the Electoral Commission watchdog and the email accounts of parliamentarians.
The Electoral Commission attack was identified in October 2022 but the hackers had been able to access the commission’s systems for more than a year.
China called that accusation “malicious slander”.
In June 2023, Google subsidiary Mandiant said online attackers with clear links to China were behind a vast cyberespionage campaign targeting government agencies of interest to Beijing.
Washington has also frequently accused Beijing of cyberattacks against US targets.
Last month two British men, including a former UK parliamentary researcher, appeared in court in London accused of spying for China.
Prime Minister Rishi Sunak is under pressure to take a tougher line on China, and last month announced a hike in the country’s defence budget to guard against new and emerging threats.
On a visit to Poland, Sunak singled out China, alongside Russia, Iran and North Korea, describing them as “an axis of authoritarian states”.