7 May 2024
Jesse Norman questions Defence Secretary following MOD cyber attack

Following the Secretary of State for Defence’s statement on the cyber attack where a malign actor hacked into the armed forces payment network, Jesse Norman asks about sanctions against the contractor if that contractor is found to be in breach of MOD guidelines and raises concerns about the safety and wellbeing of the soldiers whose data was stolen.

Jesse Norman (Hereford and South Herefordshire) (Con)

The Secretary of State has been clear about the serious nature of the breach; he has said so several times from the Dispatch Box. He has also said that the contractor failed to follow MOD guidelines and therefore is culpable, to some degree, as far as we can see so far. What sanctions are in place to penalise that contractor? What sanctions will the Secretary of State apply at the limit if that contractor is found to be in breach? Finally, he mentioned addresses. Roughly how many addresses have potentially been leaked? I am deeply concerned not just about bank details but about the safety and wellbeing of those soldiers.

The Secretary of State for Defence (Grant Shapps)

I share my right hon. Friend’s concern about the safety and wellbeing of those soldiers. Thankfully, the answer is that very few addresses have been leaked—a very tiny number. On sanctions and what will happen, we must not jump the order of events. We have to be confident we are able to run through the audit trail of exactly what has happened. However, I again make it clear from the Dispatch Box that if negligence has been involved, then we will take the strongest possible action as a result. He and the whole House understand that that is our concern this afternoon.