An Information Commissioner’s Office (ICO) investigation into a UK Army data breach has concluded that no further action is required. While the source and exact nature of the breach remains unclear, the army is still experiencing its consequences.
What data was compromised?
The data breach involved candidate data and saw the personal information of 124 UK Army recruits made available for sale on the dark web.
Among the information included in the breach was:
- Candidates’ names, dates of birth, and addresses
- Candidates’ qualifications
- Candidates’ previous employment history
The data breach took place on March 13th, and the Armed Forces’ recruitment system was taken down the following day.
There has been no confirmation of who is behind the breach. However, some reports have suggested the breach was relatively low level rather than a wide-scale cyber attack or ransomware issue. Although no details have been released, if this was true, the data breach could have occurred from a scenario such as one individual accessing a system or being able to print or screengrab the data.
Ahead of Russia invading Ukraine, there were fears of a significant increase in cyberattacks of Russian origin, but such an event doesn’t seem to be behind this issue.
Systems restored as ICO concludes investigation
According to a Digit report, a British Army spokesperson said: “Following the compromise of a small selection of recruit data, the army’s online recruitment services were temporarily suspended pending an investigation.
“This investigation has now concluded allowing some functionality to be restored and applications to be processed.”
The Ministry of Defence reported the breach to the ICO just over a week after it had occurred, on March 21st, with the ICO subsequently finding that no further action was needed.