UK Army Recruitment Portal Closed After Data Breach

The computer system for the recruitment element of the British army has been offline for over a month now as a precaution, after it was apparently hacked.

The Guardian reported that the system was closed since mid March, after officials became alarmed when it was discovered the data relating to about 120 army recruits was offered for sale on the dark web.

In the meantime, the army has been using emergency systems to handle recruitment, while the online portal is shut down.

Recruitment system

The online portal being offline has occurred during most of Russia’s invasion of Ukraine, which itself has triggered a series of cyberattacks.

The UK has been at the forefront of providing military weapons systems to Ukraine, with its NLAW anti tank missile system being widely lauded by soldiers in Ukraine, as helping them beat off multiple advancing columns of Russian armour that sought to punch through to Kyiv in the opening weeks of the invasion.

The Guardian reported that defence sources would not comment on whether Russia or Russian actors were involved in the British army recruitment system hack, although there is a suggestion it was a low-level compromise because it was unclear if there had been a hack or if someone had simply obtained a screen grab or print out.

“Following the compromise of a small selection of recruit data, the army’s online recruitment services were temporarily suspended pending an investigation,” a British army spokesperson was quoted as saying by the newspaper.

“This investigation has now concluded allowing some functionality to be restored and applications to be processed,” the spokesperson added.

The internal Defence Recruitment System has now been restored, the army told the Guardian, after a lengthy investigation, but the external online portal remains down and the problem has complicated army recruitment for over five weeks of the two-month war in Ukraine.

Those visiting the army recruitment login page were being told “we are currently experiencing some technical issues” and candidates wanting to be updated had to call a dedicated number if they had “any questions surrounding your application”.

The Information Commissioner’s Office, responsible for data protection, said it had been informed of the incident.

But an ICO spokesperson told the Guardian that “after making inquiries and carefully reviewing the information provided, we decided no further action was needed at this time”.

Data losses, gaffes

It should be noted that hacking of soldiers’ details has been a feature of the war in Ukraine.

After Putin ordered his troops across the border, hacker group Anonymous issued a self-declared war against Russia, which apparently resulted in the release of the personal details of 120,000 Russian soldiers fighting in Ukraine in early April.

The UK’s Ministry of Defence (MoD) however has been at the centre of a number of data leaks over the years, including one involving Prince William during his days as an RAF pilot.

Last October secret data of enhanced weapons was exposed in an embarrassing cut-and-paste blunder, mirroring a similar mistake in 2011 of data concerning nuclear submarines.

In April 2011 the MoD briefly exposed secret information about nuclear submarines on its site, thanks to an error in blacking out parts of a document posted online.

In January this year, the MoD disclosed that in a one year period, it suffered 7 serious data loss incidents which were reported to the UK’s Information Commissioners Office.

The MoD also internally recorded another 552 data incidents (mostly unauthorised disclosures), but these incidents were “deemed by the Data Controller not to fall within the criteria for reporting to the ICO.”