Defence Personnel Data Breach

David Mundell Excerpts
Tuesday 7th May 2024

(7 months, 2 weeks ago)

Commons Chamber
Read Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Grant Shapps Portrait Grant Shapps
- View Speech - Hansard - - - Excerpts

I share my right hon. Friend’s concern about the safety and wellbeing of those soldiers. Thankfully, the answer is that very few addresses have been leaked—a very tiny number. On sanctions and what will happen, we must not jump the order of events. We have to be confident we are able to run through the audit trail of exactly what has happened. However, I again make it clear from the Dispatch Box that if negligence has been involved, then we will take the strongest possible action as a result. He and the whole House understand that that is our concern this afternoon.

David Mundell Portrait David Mundell (Dumfriesshire, Clydesdale and Tweeddale) (Con)
- View Speech - Hansard - -

May I seek my right hon. Friend’s reassurance that there is cross-Government working to identify the vulnerabilities in the system? We have heard this afternoon that a subcontractor’s involvement was identified as a vulnerable point. Recently, my constituents had their medical records hacked because, as a small, rural authority, it was identified as more vulnerable. Are we, across Government and across the United Kingdom, seeking out those vulnerabilities to make our data safer from malign actors and indeed from plain criminals?

Grant Shapps Portrait Grant Shapps
- View Speech - Hansard - - - Excerpts

I reassure my right hon. Friend that the reason I immediately asked the Cabinet Office to be involved is that, although I can do checks on that contractor and others across the MOD and MOD-related contracts, I cannot do so across the rest of Government. That is exactly the job that the Cabinet Office will now undertake. When data is stolen—or rather exposed and potentially stolen—it causes a great deal of concern and we want to ensure that that cannot happen. I reiterate that the data was not being held by the MOD systems and did not affect the MOD systems, but as Secretary of State I recognise that our responsibility extends to whoever is holding the data for our personnel, and I apologise to those involved again. This should never have happened and we will make sure it is put right.