
270,000 personal records affected by hack on MOD’s payroll provider

June 25, 2024


An estimated 270,000 payroll records of members of Britain’s armed forces were exposed to hackers in a breach at a third-party payroll provider.

According to media reports, the data includes names and bank details for full-time military personnel, part-time reservists, and veterans who left the armed forces after January 2018.

The BBC and Sky broke the story in early May, reporting that initial investigations found no evidence of any data being removed, and that immediate action was taken by the payroll provider to take the external network offline.

Whilst the claims haven’t been corroborated, government ministers have voiced suspicion that China was responsible for the cyber-attack. China, however, described the suggestion as a ‘fabricated and malicious slander’, and urged those responsible for the speculation in the UK to ‘stop spreading false information, stop fabricating so-called China threat narratives, and stop their anti-China political farce’.

The external contractor in charge of the hacked system was Shared Services Connected Ltd (SSCL). The global business signed a seven-year, £300 million Future Service Delivery Contract (FSDC) with the MOD in 2019. Under the agreement, SSCL delivers ‘new platforms and more modern ways of working for MOD Defence Business Services’ (source: SSCL press release), delivering improved access to Armed Forces pay, pensions, military HR and administrative services.

The contract – claimed by SSCL to be the biggest of its type in Europe at the time it was secured – formed part of the Modernising Defence Programme that is committed to ‘driving innovation, improving agility, and driving efficiencies’.

Speaking in the House of Commons after the payroll data breach was discovered, the government’s Defence Secretary, Grant Shapps, said ‘there was evidence of failings’ by the contractor-operated system, and that it was totally separate from the core MOD network. He also apologised to the servicemen and women affected by the data breach, and said that the incident was ‘further proof that the UK is facing rising and evolving threats’.

The immediate impact of a cyber-attack targeting payroll can include:

  • Delays in employees receiving their pay;
  • Compliance failures (such as late payment of local tax and social security, and revenue authority reporting);
  • Late payment of third-party liabilities (such as pension contributions, benefit providers etc.);
  • Potential data protection regulation breaches.

Outsourcing payroll services rather than hiring internally can be a cost-effective solution, and there are plenty of payroll providers to choose from. However, investing in comprehensive due diligence up front is vital to identify the right one for a business – importantly, one that is compliant in how it manages payroll and payslips, can demonstrate the security of clients’ data and compliance with GDPR, and can provide evidence of a robust payroll disaster recovery plan.

So always ask prospective outsourced payroll providers for references, evidence of HMRC compliance, and their latest audit. Talk to other businesses about who they use for payroll, check out online reviews, and ask for proof that the payroll provider understands your sector and relevant legislation. Meet their team to establish that the business is reliable, has robust systems and processes, has the knowledge and resource to act and respond, and that payroll is in the right format for you.

Trust comes over time, but before selecting a payroll provider, get evidence they have excellent communication tools, secure technology, satisfied customers, and value openness and transparency.

Moving forward, it is good practice to review an external payroll provider’s service level agreements, key performance indicators, contractual arrangements, and current payroll operating models. Act on any gaps or anomalies in the findings, to ensure the payroll provider continues to fit the business and remains fit for purpose and effective.

Why choose HIVE360’s outsourced payroll solution

HIVE360 is a specialist employment solutions organisation, which provides expert outsourced PAYE HMRC compliant payroll and benefits services.

With a focus on adding value to its clients’ businesses, and looking after their people and workers, HIVE360 strives to support tackling the challenge of attracting, engaging and retaining the best talent, by enabling its clients to become employers and recruiters of choice by giving them a strong employment offering in the market.

By working with HIVE360, clients gain access to an extensive network of experts and professional partners – including businesses with GLAA licences – which combine to provide a robust and seamless solution for fully compliant pay and payroll, and efficient employment administration support.

By bringing together these expert partners, HIVE360 acts as a unique facilitator to deliver an integrated solution of cost-effective outsourced payroll, employee benefits, support and employee engagement to each of its clients, which include recruitment businesses and owner-managed, privately-owned and medium-sized (150-plus employees/workers) businesses.

HIVE360 and its partner providers are not mini umbrella companies, hybrid or any other contrived employment structure. All HIVE360 payrolls are processed under HMRC payroll standards; the company operates full standard rate VAT and has no connection with any business or individual promoting flat rate VAT schemes.

HIVE360’s solution integrates outsourced payroll solutions with integrated benefits and support that deliver typical savings of £65 per employee/worker per annum, with an inclusive benefits package worth in the region of £200 per employee per year, dependent on individual company situation and factors.

As an outsourced employment services and administration expert, HIVE360 delivers not only effective outsourced employment administration and payroll, but also employee engagement and employee benefits solutions powered by its sophisticated mobile employee engagement app Engage, provided as standard and at no extra charge for all clients and their workforce.

If you’d like to talk about using the agency payroll services offered at HIVE360, please get in touch here.