The British Army’s online recruitment portal has been offline for more than a month following a data breach.
Officials shut the computerised enrolment system down in the middle of March as a precaution after the personal data of more than 100 army recruits was found being offered for sale on the dark web.
An investigation was launched to determine whether cyber-criminals had hacked into the internal Defence Recruitment System and exfiltrated recruits’ personal data.
Data reportedly exposed in the incident included full names, dates of birth, addresses, qualifications and previous employment details.
“Following the compromise of a small selection of recruit data, the army’s online recruitment services were temporarily suspended pending an investigation,"
said a British Army spokesperson.
“This investigation has now concluded allowing some functionality to be restored and applications to be processed.”
While access to the recruitment system has now been restored, the army continues to rely on its emergency backup methods to recruit new soldiers as the external online recruitment portal is still not functioning.
Visitors to the army recruitment login page are greeted with the message that the service is “currently experiencing some technical issues.” Candidates with questions about their application or the process are instructed to dial a dedicated phone number.
UK defense minister Leo Docherty said:
“On Monday March 14, Army HQ were made aware of a breach of information in relation to potential Army candidate data. The breach related to 124 potential candidates whose accounts had been accessed on March 13.”
On March 21, the Ministry of Defense submitted a formal breach notification to the Information Commissioner’s Office (ICO), the body responsible for data protection in the UK
A spokesperson for the ICO said that
“after making inquiries and carefully reviewing the information provided, we decided no further action was needed at this time.”
It is unclear what impact the data breach and subsequent shutdown will have on recruitment numbers.
Member of parliament Mark Francois, a former defence minister, said:
“This security breach is extremely concerning, not least in light of Russia’s war in Ukraine and Russia’s long history of hostile cyber operations."