{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreicdcbjn6qpt3ehd2to6kmwbtlutckj3i5t4f2ug4wbjrkjw7as224",
"uri": "at://did:plc:b7afdzqsmwksxypciqnplglk/app.bsky.feed.post/3mncl7quukdp2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreieidfvk6ash5ucy6xeondkxi6m34h5vbakflojpe4dsarajx4mysi"
},
"mimeType": "image/jpeg",
"size": 110324
},
"path": "/2026/06/02/mod-logs-45-suspected-security-breaches-daily-600-assets-attractive-terrorists-lost-28614982/",
"publishedAt": "2026-06-02T11:49:10.000Z",
"site": "https://metro.co.uk",
"tags": [
"News",
"UK",
"British Government",
"Ministry of Defence",
"News Updates",
"Breaking News",
"social media",
"check our news page",
"Add Metro as a Preferred Source on Google\nAdd as preferred source"
],
"textContent": "Close to 19,000 events which risked Defence assets were flagged to officials (Picture: Getty)\n\nMore than 40 suspected security breaches are being reported to the Ministry of Defence every day, Metro can reveal.\n\nClose to 19,000 incidents that could have compromised British Defence assets were flagged to officials from January 2025 to February 2026.\n\nThis included thousands of reports of lost hardware, such as phones and laptops, as well as assets classed as attractive to terrorists.\n\nDefence personnel also raised questions over dozens of occasions where people were left unaccompanied on site, and more than 20 suspected undeclared relationships with nationals from restricted countries.\n\nMetro’s findings have prompted calls from senior politicians and experts for the Ministry of Defence (MoD) to fix a ‘complacent’ culture around security.\n\n## Sign up for all of the latest stories\n\nStart your day informed with Metro's **News Updates** newsletter or get **Breaking News** alerts the moment it happens.\n\nData obtained by this newspaper has revealed that almost 19,000 security incidents were reported through the MoD’s Security Incident Reporting Form (SIRF) in 2025 and the first two months of 2026 – an average of 45 a day.\n\nA security incident is defined as any event that compromises or has the potential to compromise defence assets, including personnel, information or infrastructure.\n\nOfficials at the MoD receive as many as 45 reports of suspected breaches a day (Picture: Leon Neal/Getty Images)\n\nThe figures revealed that sensitive items, such as laptops, phones and USBs, were being reported lost three times a day on average, a total of more than 1600 SIRF forms over the 14 months.\n\nThere were also over 200 reports of device thefts and more than 200 SIRFs recording the loss of potentially sensitive paper documents and notes.\n\nOf particular concern are the over 600 reported losses of assets classified as Attractive to Criminal and Terrorist Organisations (ACTO).\n\nThe MoD specifically warns that the loss of ACTO assets constitutes a threat to life or could support and enable a terrorist or criminal threat.\n\nThere were also 71 reported thefts of ACTO assets.\n\nProfessor Alan Woodward, a security expert, warned this data ‘smacks of complacency’.\n\nHe told **Metro** : ‘It never ceases to amaze me how we still lose laptops and bits of electronic equipment.\n\n‘Even if this equipment is protected and encrypted, it is potentially still of interest because some information can still be retrieved. You just need to be so careful.’\n\nThe SIRF Forms also raise concerns about how security is approached on sensitive MoD sites.\n\nOfficials reported close to 150 occasions where there was a failure to escort visitors or personnel.\n\nMoD chiefs were also informed of 22 undeclared relationships with restricted country nationals.\n\nDefence Secretary John Healey has been urged to improve the MoD’s culture on security (Picture: ZUMA Press Wire/Shutterstock)\n\nProf Woodward said: ‘We are living in a more aggressive geopolitical environment. Overseas countries are going to take any opportunity they can to get more information on our military.\n\n‘You are told very very clearly [to declare relationships. In the modern world it is much easier to entrap people and to make them become targets.\n\n‘The MoD has to keep relearning these lessons [on security]. They have to make sure that people have it in front of their minds.’\n\nSensitive MoD areas appeared to be exposed on a number of other occasions.\n\nThere were 400 reports of unauthorised physical access or attempts to gain unauthorised access, as well as almost 350 reports of suspicious drone activity.\n\nThe data has also placed more scrutiny on the number of personnel potentially breaking crucial MoD security policies.\n\nStaff made more than 2,700 reports of security rules and procedures being breached.\n\nThese could have included bringing personal electronic devices into restricted areas, and a failure to secure material.\n\nThere were also more than 2,000 reports of unauthorised disclosures of information, including on social media and leaks to the press.\n\nThe Chair of the Defence Committee in the House of Commons warned that security breaches can cause things to ‘go catastrophically wrong’.\n\nLabour MP Tan Dhesi told **Metro** : ‘The Ministry of Defence must do all it can to promote a culture that prioritises security, whether this be preventing breaches at bases, or ensuring that sensitive information does not fall into the wrong hands.\n\n‘Importantly, it also means the MOD should encourage individuals to report security breaches when they do happen.\n\n‘When things go wrong, they can go catastrophically wrong, and the Afghan data breach is a prime example of this.’\n\nThe largest number of reports related to lost or stolen ID cards, which experts warned could still ‘pose a threat’ (Picture: James Willoughby/SOPA Images/LightRocket via Getty Images)\n\nThe largest number of reports – more than 5,000 – related to lost, stolen or misused ID cards.\n\nProf Woodward said ID cards falling out of the hands of personnel was still ‘a worry’ and could ‘pose a threat’.\n\nHe added: ‘It relies on people being diligent. Immediately when a loss is reported, access can be taken out of the system.’\n\nPotential cyber breaches accounted for more than 700 SIRF Forms, but the MoD did not disclose further specific information about those reports.\n\nThe Ministry of Defence did not reveal the reason for 2,000 of the most sensitive reports, including potential reports of insecure sites, corruption, reconnaissance and other concerns.\n\nThe MoD also stressed that the submission of a SIRF does not indicate that a genuine security breach has occurred.\n\nOfficials insisted that the existence of a SIRF should not be interpreted as confirmation of a validated threat or vulnerability, as all reported are first triaged to determine the risk.\n\nProfessor Angela Sasse, who studies human behaviour in security systems, said her research has ‘continuously shown that many security policies cannot be followed in practice.’\n\nThe UCL lecturer added: ‘In some cases there may be malicious intent, ignorance or carelessness – but most people, most of the time, break the rules because they had to make a choice between getting an urgent task done, or following the rules.’\n\nJames Cartldige MP, Shadow Defence Secretary, said: ‘These figures are a stark reminder that, in an increasingly dangerous world, security can never be taken for granted.\n\n‘Our brave servicemen and women do an outstanding job protecting our country, but everyone across Defence must remain vigilant and take responsibility for their own actions and those around them.\n\n‘Our Armed Forces deserve strong leadership and unwavering support. Only the Conservatives, under new leadership, have a plan to back our Armed Forces and keep Britain secure.\n\nA Ministry of Defence spokesperson said: ‘We take all breaches of security very seriously and encourage use of Security Incident Reporting Forms.\n\n‘All incidents are subjected to a security risk assessment, and we do not hesitate to take further action where necessary.’\n\n******Get in touch with our news team by emailing us atwebnews@metro.co.uk.******\n\n**For more stories like this,** check our news page.\n\nComment now Comments \nAdd Metro as a Preferred Source on Google\nAdd as preferred source\n",
"title": "MoD logs 45 security breaches a day as ‘terror-target’ devices and IDs go missing"
}