A recent report issued by Sky News has highlighted that sensitive Ministry of Defence (MOD) data was exposed when confidential files were transmitted in 2020.

The private data belonging to the British government department was sent from secure networks to personal email accounts, rendering it unprotected. The documents Sky News obtained were heavily redacted in order to obscure their nature for reasons of national security. However, they revealed record-breaking numbers of breaches last year that originated from partners of the British military, operating in the private sector. The result has been the exposure of secret information to hostile nation-states.

A growing number of data breaches

The alarming number of data security incidents noted by Sky News has raised issues regarding the resilience of the UK’s defences against foreign espionage. This comes at a time when the government is announcing its Integrated Review, a set of parameters that will establish British security and defence apparatus’s updated strategic direction.

The viewed documents indicate that 151 different incidents were logged with the defence ministry’s Warning, Advice and Reporting Point (WARP) last year, a sharp spike from the 75 recorded back in 2019.

An advisory posted last month on a new page at gov.uk commented:

“Every government contractor that processes MOD information is obliged to report security incidents to the Defence Industry WARP.”

A wide range of security incidents

The redacted documents revealed extensive diversity in the data breaches that took place when details were sent from a secure system to personal accounts. Hostile nation-states are renowned for targeting the personal accounts of defence officials and politicians at all levels of government, like in the run-up to the 2019 general election when Russian hackers stole private trade deal documents from MP Liam Fox’s personal account.

One part of the report seen by Sky News indicated a potential phishing attack with data transmitted to an “unauthorised domain”, while another two breaches were deemed too sensitive to display an accurate date of disclosure.

Additional incidents included possible compromises to systems owned by the MoD, a network infrastructure that was misconfigured, and a site perimeter breached at an undisclosed location. There was also an incident where missile containers were being made available for purchase.

Commenting on the recently revealed information, a spokesperson for the MoD stated:

“The MoD takes the security of its personnel, systems and establishments very seriously and continually seek to improve security incident reporting. We have recently introduced policy, processes and tools to make internal and external reporting easier and more efficient, and the increase in reports can be largely attributed to these improvements.”

Resilient email security

Our secure email service at Galaxkey was developed to mitigate these types of breaches that can lead to private company and government content being exposed. Our system uses premium grade three-layer encryption that ensures that all data transferred by email is indecipherable and remains private. Only individuals who are awarded authorisation are able to view emails, along with any attached documents for comprehensive security. Contact our team today for a free online demonstration.