Another British Police Force Leaks Confidential Data

The personal information about thousands of Greater Manchester Police (GMP) officers' has been hacked by a cyber attack on the Stockport company used by the police to produce the force’s warrant cards. The obvious suspicion is that the details of officers’ name badges, including their ranks, photos and serial numbers, may have been taken by hackers. 

GMP confirmed it was aware of a ransomware attack on a local company that supplies digital ID cards that was being taken “extremely seriously”. The National Crime Agency is understood to have launched an investigation into the breach, which is the third involving a large UK police force in the last few weeks.

The hack means thousands of police officers' names are at risk of being placed in the public domain. Assistant Chief Constable Colin McFarlane said he understood how concerning the matter was. “We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP.

At this stage, it’s not believed this data includes financial information, McFarlane said. "We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioner’s Office and are doing everything we can to ensure employees are kept informed, their questions are answered and they feel supported. This is being treated extremely seriously, with a nationally led criminal investigation into the attack.”

This comes just over a month after a serious data breach at the Police Service of Northern Ireland. In that incident, surnames and initials of 10,000 police employees were accidentally included in a response to a Freedom of Information request. The details were then published online before being removed. 

Paul Holland, CEO of Beyond Encryption commented “While the details of this incident are yet to be revealed, it is of great concern that we’re seeing another attack impact the police force so recently after the data breach suffered by the PSNI, placing the personal information of police officers at risk yet again..."

Knowing that the identities of undercover officers are now in the hands of unknown threat actors is an unacceptable breach of policing staff trust, and could be dangerous for both them and the citizens they protect.

"Organisations must ensure that they have robust safeguarding measures in place to mitigate these attacks in future or we risk more personal data falling into the wrong hands.” Holland concluded.

Last month, the Metropolitan Police was also put on alert after a similar security breach involving one of its suppliers. Ed Gibson, a former FBI investigator who also headed cyber security at Microsoft UK, said any report of hacking of law enforcement data was "extremely worrying". "You don't want this stuff falling into the wrong hands," he added.

Gibson advises that any company facing a ransom demand should "get it investigated, don't pay up". This kind of extortion is very lucrative for criminals, he said, adding: "It used to be a horse's head in the bed now it's an email to your IT department."

Greater Manchester Police:     BBC:     Guardian:     Sky:    Metro:     Independent:     Punch

You Might Also Read: 

Manchester University Hacked:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible



 

« Driving LGBTQ+ Change From Within
The Slots Fall Silent »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

SecWest

SecWest

SecWest is the organizer of CanSecWest, PACSEC, originator of PWN2OWN, security auditing, and virtual engagement/training.

BGD E-GOV CIRT

BGD E-GOV CIRT

BGD e-GOV CIRT's mission is to support government efforts to develop ICT programs by establishing incident management capabilities within Bangladesh.

Gate 15

Gate 15

Gate 15 provide risk management services focusing primarily on information, intelligence and threat analysis, operational support and preparedness.

Open Information Security Foundation (OISF)

Open Information Security Foundation (OISF)

OISF is a non-profit organization led by world-class security experts, programmers, and others dedicated to open source security technologies.

Panorays

Panorays

Panorays automates third-party security lifecycle management. It is a SaaS-based platform, with no installation needed.

Netragard

Netragard

Netragard has an established reputation for providing high-quality offensive and defensive security services.

Vijilan Security

Vijilan Security

Vijilan provides 24/7 SOC services to MSPs/VARs. Our Security Operations Center is global, and our services are exclusive to the Channel.

Global Cybersecurity Association (GCA)

Global Cybersecurity Association (GCA)

GCA’s Symposium and conferences featuring global thought leaders and CISOs provide a global best practice perspective on cybersecurity.

Mitnick Security

Mitnick Security

Mitnick Security is a leading global provider of information security consulting and training services.

NANDoff Data Recovery

NANDoff Data Recovery

NANDoff is a flat rate data recovery service. We serve the electronics industry around the globe 24/7.

Cyber Chasse

Cyber Chasse

Cyber Chasse is an IT consulting and staffing company offering a full range of cybersecurity solutions, contract staffing services and online training courses.

Credible Digital Security Pvt. Ltd. (CDSPL)

Credible Digital Security Pvt. Ltd. (CDSPL)

CDSPL is an innovative Cyber Security Services Company in India. We are committed to offering cyber security solutions for important sectors such as energy and utilities, healthcare, and more.

Halogen Group

Halogen Group

Halogen Group is the leading Security Solutions Provider in West Africa. Services encompass Physical Security, Electronic Security, Virtual & Cyber Security, Risk Assessments and Training.

CatchProbe Intelligence Technologies

CatchProbe Intelligence Technologies

CatchProbe provides actionable web intelligence, OSINT, deception systems, threat intelligence, and digital crime analytics solutions and products through an AI-Driven intelligence platform.

Sev1Tech

Sev1Tech

Sev1Tech is a leading provider of IT modernization, cloud, cybersecurity, engineering, fielding, training, and program support services.

Loccus AI

Loccus AI

Loccus are developers of AI solutions in the voice safety space. We build identity verification solutions, deepfake detection systems and fraud protection products for companies and end-users.