For the most part the exposure appears to have been limited to names and bank details for both active members of the UK armed forces and veterans. The UK government has named SSCL, a business services provider, as the source of the third party breach.

