Another British Police Force Leaks Confidential Data

The personal information about thousands of Greater Manchester Police (GMP) officers' has been hacked by a cyber attack on the Stockport company used by the police to produce the force’s warrant cards. The obvious suspicion is that the details of officers’ name badges, including their ranks, photos and serial numbers, may have been taken by hackers. 

GMP confirmed it was aware of a ransomware attack on a local company that supplies digital ID cards that was being taken “extremely seriously”. The National Crime Agency is understood to have launched an investigation into the breach, which is the third involving a large UK police force in the last few weeks.

The hack means thousands of police officers' names are at risk of being placed in the public domain. Assistant Chief Constable Colin McFarlane said he understood how concerning the matter was. “We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP.

At this stage, it’s not believed this data includes financial information, McFarlane said. "We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioner’s Office and are doing everything we can to ensure employees are kept informed, their questions are answered and they feel supported. This is being treated extremely seriously, with a nationally led criminal investigation into the attack.”

This comes just over a month after a serious data breach at the Police Service of Northern Ireland. In that incident, surnames and initials of 10,000 police employees were accidentally included in a response to a Freedom of Information request. The details were then published online before being removed. 

Paul Holland, CEO of Beyond Encryption commented “While the details of this incident are yet to be revealed, it is of great concern that we’re seeing another attack impact the police force so recently after the data breach suffered by the PSNI, placing the personal information of police officers at risk yet again..."

Knowing that the identities of undercover officers are now in the hands of unknown threat actors is an unacceptable breach of policing staff trust, and could be dangerous for both them and the citizens they protect.

"Organisations must ensure that they have robust safeguarding measures in place to mitigate these attacks in future or we risk more personal data falling into the wrong hands.” Holland concluded.

Last month, the Metropolitan Police was also put on alert after a similar security breach involving one of its suppliers. Ed Gibson, a former FBI investigator who also headed cyber security at Microsoft UK, said any report of hacking of law enforcement data was "extremely worrying". "You don't want this stuff falling into the wrong hands," he added.

Gibson advises that any company facing a ransom demand should "get it investigated, don't pay up". This kind of extortion is very lucrative for criminals, he said, adding: "It used to be a horse's head in the bed now it's an email to your IT department."

Greater Manchester Police:     BBC:     Guardian:     Sky:    Metro:     Independent:     Punch

You Might Also Read: 

Manchester University Hacked:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible



 

« Driving LGBTQ+ Change From Within
The Slots Fall Silent »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Brookings Institution

Brookings Institution

The Brookings Institution is a nonprofit public policy organization. Cyber security is covered within the various study areas.

Bryan Cave LLP

Bryan Cave LLP

Bryan Cave LLP is a global business and litigation law firm. Practice areas include Data Privacy and Security.

CERT Bulgaria (CERT.BG)

CERT Bulgaria (CERT.BG)

CERT Bulfaria is the National Computer Security Incidents Response Team for Bulgaria.

Equilibrium Security Services

Equilibrium Security Services

Equilibrium Security Services is a specialist cyber security company providing a full spectrum of IT security solutions from consultancy to design & implementation and managed security services.

Decision Group

Decision Group

Decision Group are a Total Solution Supplier offering Network Forensics and Lawful Interception tools.

DefenseStorm

DefenseStorm

DefenseStorm is a Security Data Platform that watches everything on your network and matches it to your policies, providing cybersecurity management that is safe, compliant and cost effective.

GuardSquare

GuardSquare

GuardSquare is the global reference in mobile application protection. We develop premium software for the protection of mobile applications against reverse engineering and hacking.

Arsenal Recon

Arsenal Recon

Arsenal Recon are digital forensics experts, providing consultancy services and powerful software tools to improve the analysis of electronic evidence.

VKANSEE

VKANSEE

VKANSEE offer the world's thinnest optical fingerprint sensor for mobile device protection.

Echoworx

Echoworx

Echoworx primary and exclusive focus is providing organizations with secure email services.

Elliptic

Elliptic

Elliptic solve the crucial problem of identity in cryptocurrencies, with the sole purpose of combating suspicious and criminal activity.

FinCom.co

FinCom.co

FinCom.Co is the world’s first automatic AML/ KYC screening system, for comprehensive compliance.

Pixm

Pixm

Pixm’s computer vision based approach offers a truly unique and effective means to protect organizations from web-based phishing attacks.

IntelliGenesis

IntelliGenesis

IntelliGenesis provide comprehensive cyber, data science, analysis, and software development services that provide tailored, secure solutions for your critical data and intelligence needs.

Topsec Cloud Solutions

Topsec Cloud Solutions

The Topsec Managed Email Security Platform eliminates Spam, Viruses, Malware, and Phishing.

Cognilytica

Cognilytica

Cognilytica’s Cognitive Project Management for AI (CPMAI) training and certification is recognized around the world as the best practices methodology for implementing successful AI & ML projects.