Who was responsible for the Ministry of Defence contractor breach?

The attack is claimed by the Russian cybercrime group Lynx. The breach was executed as a gateway attack targeting the Dodd Group and resulted in the theft of approximately 4 terabytes of data from the contractor's systems.

When did the Dodd Group breach occur?

The Dodd Group's network was first compromised on September 23. The hackers issued an ultimatum warning that time is running out and began systematically releasing the stolen material on the dark web in stages, with two out of four planned data dumps already published.

Which military bases were affected by the data breach?

The leaked documents contain sensitive information about eight RAF and Royal Navy bases, including RAF Lakenheath, RAF Portreath, RAF Predannack, RAF Mildenhall, RAF St Mawgan, RNAS Culdrose, HMS Raleigh, and HMS Drake.

What type of sensitive information was stolen in the MoD contractor breach?

The stolen data includes visitor forms and records containing contractors' and MoD personnel information, construction files, contractors' names, car registration numbers, mobile phone numbers, MoD personnel names and email addresses, internal email guidance, security instructions, and documents marked as Controlled or Official Sensitive.

How much data was stolen from the Dodd Group?

The attack resulted in the theft of approximately 4 terabytes of data from the Dodd Group's systems, although a company spokesman claimed only limited data was stolen and that systems had been secured and recovered.

What is the response to the MoD contractor data breach?

The Ministry of Defence has acknowledged the breach and stated it is actively investigating the situation. The Dodd Group confirmed a cyber incident had occurred and claimed to have secured and recovered its systems.

Incident

Hackers breach UK Military contractor, exposing defence base information

Q: What happened in the UK Ministry of Defence contractor data breach?

Cybercriminals infiltrated the Dodd Group, a major UK building and maintenance contractor that provides services to the Ministry of Defence, stealing and publicly releasing hundreds of sensitive military documents containing information about British and US military installations. Security experts have described the attack as a catastrophic security failure.

published: Oct. 19, 2025

Learn More

Cybercriminals have infiltrated a UK Ministry of Defence contractor, stealing and publicly releasing hundreds of sensitive military documents containing information about British and US military installations.

The attack is described by security experts as a "catastrophic security failure".

The breach was executed a "gateway attack" targeting the Dodd Group, a major UK building and maintenance contractor that provides services to the Ministry of Defence. The attack is claimed by the Russian cybercrime group Lynx and resulted in the theft of approximately 4 terabytes of data from the contractor's systems.

The Dodd Group's network was first compromised on September 23. Rhe hackers issuing an ultimatum warning that "time is running out" and giving the company an opportunity to resolve the matter before facing "inevitable consequences." The hackers have begun systematically releasing the stolen material on the dark web in stages, with two out of four planned data dumps already published.

The leaked documents contain sensitive information about eight RAF and Royal Navy bases, including:

RAF Lakenheath in Suffolk, where the US Air Force operates F-35 stealth jets. The base is believed to house US nuclear weapons.
RAF Portreath, a classified radar station thats part of NATO's air defence network
RAF Predannack, currently home to the UK's National Drone Hub.
RAF Mildenhall, which also hosts US F-35 fighter squadrons
RAF St Mawgan
Royal Navy facilities including RNAS Culdrose (one of the Royal Navy's principal air stations), HMS Raleigh, and HMS Drake.

The stolen data encompasses includes:

Visitor forms for RAF Portreath containing contractors' and MoD personnel information
Visitor records for RNAS Culdrose
Construction files from Kier Group related to work at RAF Lakenheath and RAF Mildenhall
Contractors' names, car registration numbers, and mobile phone numbers
MoD personnel names and email addresses
Internal email guidance and security instructions
Documents marked "Controlled" or "Official Sensitive"

The number of affected individuals has not been disclosed by either the Dodd Group or the Ministry of Defence. A Dodd Group spokesman confirmed a "cyber incident" had occurred but claimed only "limited data" was stolen, stating that the company had "secured and recovered" its systems.

The Ministry of Defence has acknowledged the breach and stated it is "actively investigating" the situation.

Hackers breach UK Military contractor, exposing defence base information

Read More
HVAC contractor Mechanical Systems & Services reports incident …
Anywhere Real Estate Data Breach via Oracle EBS …
L&S Mechanical Ransomware Attack Exposes Data of Over …
Title Guaranty Company of Lewis County Hit by …
Sansone Group hit by ransomeare attack