Britain's Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 of past and current employees, including payment information and details of their next of kin.
The Daily Telegraph reports that up to 100,000 employee details were stolen, dating back across a number of years. Interserve currently employs around 53,000 people.
A source told the paper that names, addresses, bank details, payroll information, next of kin details, personnel and disciplinary records had been swiped.
The intrusion took place “earlier this month,” the tight-lipped firm said in a statement. A spokeswoman ignored questions from The Register about how many people were affected by the hack and whether MoD services would be impacted as the company responds.
Ministry of Defence lowers supplier infosec standards thanks to COVID-19 outbreakREAD MORE
“This will take some time and some operational services may be affected. Interserve has informed the Information Commissioner (ICO) of the incident. We will provide further updates when appropriate,” said the company in a statement, also asking “former employees, clients and suppliers” to exercise “heightened vigilance”.
The National Cyber Security Centre confirmed it is helping Interserve with the aftermath of the reported security breach.
Interserve holds a number of public sector contracts comprising, among others, some of the Ministry of Defence’s more important bases. The company website says it has a presence on 35 MoD sites, including: the Falkland Islands; the vital mid-Atlantic RAF staging post on Ascension Island; Gibraltar; and Cyprus. The contract for the overseas bases is reportedly worth around £500m.
Closer to home, Interserve also maintains the vital and secretive MoD bunkers at Corsham, coyly referred to as “the cutting edge global communications hub for the Ministry of Defence”. Corsham is in fact the home of the MoD’s Global Operations Security Control Centre, as well as the Joint Security Co-ordination Centre, plus a Cyber Security Operations Centre.
Informed sources whispered to El Reg that quite a few people at Corsham would be unhappy with news that a contractor with full access to the sensitive site has been hacked. ®
Sponsored: Ransomware has gone nuclear