EXPERT COMMENT
Not for the first time, a Western government agency suffered a major data breach where third-party contractors were exploited as a likely weak link.
On 6 May, news broke that the details of 270,000 service personnel working for the UK Ministry of Defence (MOD) had been accessed. It was part of a cyber-espionage operation targeting a contractor responsible for managing the MOD's payroll system.
In a statement to parliament, the UK's defence secretary Grant Shapps said that the data breach was suspected to be the work of a malign actor and state involvement could not be ruled out.
Although the government did not officially attribute this data breach, many MPs pointed fingers at China, recalling its track record in cyber espionage - a significant and long-standing issue for many Western countries.
A similar data breach occurred in 2014 at the US Office of Personnel Management (OPM), a government agency overseeing the federal workforce, but on a significantly larger scale. The breach was detected in 2015 and the perpetrators used a third-party contractor as the initial point of entry into OPM's network.
Click here to continue reading the full version of this Expert Comment on the Chatham House website.