Another British Police Force Leaks Confidential Data

The personal information about thousands of Greater Manchester Police (GMP) officers' has been hacked by a cyber attack on the Stockport company used by the police to produce the force’s warrant cards. The obvious suspicion is that the details of officers’ name badges, including their ranks, photos and serial numbers, may have been taken by hackers. 

GMP confirmed it was aware of a ransomware attack on a local company that supplies digital ID cards that was being taken “extremely seriously”. The National Crime Agency is understood to have launched an investigation into the breach, which is the third involving a large UK police force in the last few weeks.

The hack means thousands of police officers' names are at risk of being placed in the public domain. Assistant Chief Constable Colin McFarlane said he understood how concerning the matter was. “We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP.

At this stage, it’s not believed this data includes financial information, McFarlane said. "We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioner’s Office and are doing everything we can to ensure employees are kept informed, their questions are answered and they feel supported. This is being treated extremely seriously, with a nationally led criminal investigation into the attack.”

This comes just over a month after a serious data breach at the Police Service of Northern Ireland. In that incident, surnames and initials of 10,000 police employees were accidentally included in a response to a Freedom of Information request. The details were then published online before being removed. 

Paul Holland, CEO of Beyond Encryption commented “While the details of this incident are yet to be revealed, it is of great concern that we’re seeing another attack impact the police force so recently after the data breach suffered by the PSNI, placing the personal information of police officers at risk yet again..."

Knowing that the identities of undercover officers are now in the hands of unknown threat actors is an unacceptable breach of policing staff trust, and could be dangerous for both them and the citizens they protect.

"Organisations must ensure that they have robust safeguarding measures in place to mitigate these attacks in future or we risk more personal data falling into the wrong hands.” Holland concluded.

Last month, the Metropolitan Police was also put on alert after a similar security breach involving one of its suppliers. Ed Gibson, a former FBI investigator who also headed cyber security at Microsoft UK, said any report of hacking of law enforcement data was "extremely worrying". "You don't want this stuff falling into the wrong hands," he added.

Gibson advises that any company facing a ransom demand should "get it investigated, don't pay up". This kind of extortion is very lucrative for criminals, he said, adding: "It used to be a horse's head in the bed now it's an email to your IT department."

Greater Manchester Police:     BBC:     Guardian:     Sky:    Metro:     Independent:     Punch

You Might Also Read: 

Manchester University Hacked:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible



 

« Driving LGBTQ+ Change From Within
The Slots Fall Silent »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

aizoOn Technology Consulting

aizoOn Technology Consulting

aizoOn is a technology consulting company offering a range of services including IoT & embedded security, mobile security, cybersecurity assessments, risk & compliance, network monitoring and more.

QNAP Systems

QNAP Systems

QNAP Systems, Inc. delivers world class network attached storage (NAS) and network video recorder (NVR) solutions.

Software Factory

Software Factory

Software Factory develops custom-built high-performance software solutions and products for applications including industrial cyber security.

Nohau

Nohau

Nohau provide services for safe and secure embedded software development.

Arthur J Gallagher & Co

Arthur J Gallagher & Co

Arthur J. Gallagher & Co. is a global insurance brokerage and risk management services firm. Services include Cyber Liability insurance.

Flexential

Flexential

Flexential helps organizations optimize their journey of IT transformation while simultaneously balancing cost, scalability, compliance and security.

National Cyber Security Centre (NCSC) - Switzerland

National Cyber Security Centre (NCSC) - Switzerland

The National Cyber Security Centre is Swizerland's competence centre for cybersecurity and the first contact point for businesses, public administrations, and the public for cyber issues.

Belkasoft

Belkasoft

Belkasoft is a software vendor providing public agencies, corporate security teams, and private investigators with digital forensic solutions.

Vehere

Vehere

Vehere specialises in mission critical signals aquisition and analytics platform and cyber defence systems.

Blaze Information Security

Blaze Information Security

Blaze Information Security is a privately held, independent information security firm born from years of combined experience and international presence.

Newtech Recycyling

Newtech Recycyling

Newtech Recycyling specializes in the removal and disposal of IT infrastructure which has reached the end of its life cycle.

Ksmartech

Ksmartech

Ksmartech provide services related to security and authentication in all areas where the connection of people to objects, and objects and objects is necessary.

Tier One Technology Partners

Tier One Technology Partners

Tier One Technology Partners is an IT managed services provider that focuses on cybersecurity, cloud services, IT consulting, and infrastructure.

IN4 Group

IN4 Group

IN4 Group is a skills, innovation and start-up services provider that specialises in supporting businesses with the training, communities, networks and advice they need to scale.

Information Services Group (ISG)

Information Services Group (ISG)

As a leading global research and advisory firm, ISG partners with our clients to determine a future vision, lead rapid change and realize the value of your digital investments at scale.

ThreatDown

ThreatDown

ThreatDown, powered by Malwarebytes, is on a mission to overpower threats and empower IT by removing the complexity of detecting and stopping today’s most advanced threats.