The UK Ministry of Defence (MoD) has experienced a significant data breach in its supply chain, believed to be the work of an undisclosed advanced persistent threat (APT) actor possibly backed by the Chinese government. The cyber attack targeted MoD employees, including members of the armed forces, through an attack on a payroll system supplier. Approximately 270,000 data points, including names and banking details, were exposed, but no other MoD systems were affected, and salaries have not been impacted. The UK has chosen not to attribute the attack formally, citing national security concerns. Defence Secretary Grant Shapps has announced an eight-point plan of action, including taking affected systems offline, conducting investigations with third-party experts, and informing and supporting affected personnel. Statements from the Chinese government have rejected accusations of involvement in the attack. Former National Cyber Security Centre (NCSC) chief Ciaran Martin has highlighted the prevalence of nation-state cyber espionage and suggested that attention should be focused on other areas of Chinese cyber activity that pose a greater threat to critical infrastructure. The incident serves as a reminder of the risks associated with vulnerabilities in supply chains.