Ministerial Statement on Defence Personnel Data Breach (1)

Sir John Redwood (Wokingham) (Con):

Is there any indication of how the thief wanted to use the data, if they have actually got it? Have all the staff been advised to change accounts, passwords and internet access in every way, so that no further harm can occur?

Grant Shapps (Secretary of State for Defence):

In answer to the first point, no, there is no indication. On the second point, our regular approach—I speak as someone with an MOD account—is that passwords have to be changed regularly in order to continue to use the system, so those security measures are in place. People do not need to change their bank accounts as a result of this incident. Apart from anything else, using someone’s bank details to make a payment somewhere else would be technically difficult, as a new account would need two-factor authentication, so it is not necessary for people to change their accounts. The monitoring service will provide an overlay of additional reassurance to them.