Data for 120 army recruits found on the dark web

The UK army's recruitment system has been offline for over a month after candidate data was found on the dark web.

Data for around 120 recruits was spotted as for sale on a rogue website, leading officials to suspect the system had been compromised, according to The Guardian.

The system, which is run in partnership with outsourcing firm Capita, has been offline since mid-March, almost coinciding with Russia's invasion of Ukraine, though it is not thought that it is the work of any Russian-related actors. However, the incident was serious enough that the Ministry of Defence (MoD) felt it needed to notify the Information Commissioner's Office (ICO).

"The Ministry of Defence made us aware of this incident," an ICO spokesperson said. "After making enquiries and carefully reviewing the information provided, we decided no further action was needed at this time."

An MoD investigation is still ongoing as it is unclear if the compromise is because of a hack or a simple case of an unauthorized party getting access to a screen grab or a printout of the data.

"Following the compromise of a small selection of recruit data, the army's online recruitment services were temporarily suspended pending an investigation," an Army spokesperson told the Guardian. "This investigation has now concluded allowing some functionality to be restored and applications to be processed."

While the internal Defence Recruitment System has been restored, the army's external online portal is still down and has been a cause of concern. Emergency systems have had to be used to handle candidate recruitment for the last five weeks.

Whatever the method or scale of the breach, it is another setback for the army and its partnership with Capita. The two have jointly handled the recruitment site since 2012, though it has been riddled with issues. In 2018, the National Audit Office blamed both the MoD and Capita for severe delays that contributed to multiple missed targets over six years.