The payroll system used by the MoD, which includes bank details and names of armed forces members, was targeted. In a small number of cases, the data breach included personal addresses of staff.

The MoD has made no comment about where the vulnerability in its IT supply chain may lie.

Jake Moore, global cybersecurity advisor at ESET, told Verdict that many businesses in the government's supply chain will handle extremely sensitive data and it is imperative that their security protocols are checked regularly.

"When dealing with this level of sensitive information which could potentially cause a huge knock on effect, it is vital that they are protected to the highest possible standard," Moore said.

"Protecting our digital landscape is just as critical as safeguarding the physical realm and this latest data breach highlights yet again the importance for increased investment in defence and security measures," he added.

According to GlobalData's Thematic Research: Cybersecurity (2024) report, cyberattacks targeting software supply chains are increasingly common and are typically devastating.

These attacks are effective because they can take down an organisation's entire software supply chain and services, resulting in massive business disruption, according to the report.

The UK government has not confirmed who was behind the hack but Sky News and Daily Mail reported that China was behind the cyberattack.

The breach of the “personal HMRC-style information” forced the MoD to take the system offline. 

The news comes just under two months after China's "state-affiliated actors" were blamed by the UK government for two cyberattack campaigns on the country.

It is understood that investigations have been launched to understand the severity of the attack and where it originated. 

Defence Secretary Grant Shaps is due to update the UK government about the hack in the Commons today (7 May).

Shaps will tell MPs a “multi-point plan” to help defend the affected MoD members.