Another British Police Force Leaks Confidential Data

Uploaded on 2023-09-15 in GOVERNMENT-Law Enforcement, FREE TO VIEW

The personal information about thousands of Greater Manchester Police (GMP) officers' has been hacked by a cyber attack on the Stockport company used by the police to produce the force’s warrant cards. The obvious suspicion is that the details of officers’ name badges, including their ranks, photos and serial numbers, may have been taken by hackers. 

GMP confirmed it was aware of a ransomware attack on a local company that supplies digital ID cards that was being taken “extremely seriously”. The National Crime Agency is understood to have launched an investigation into the breach, which is the third involving a large UK police force in the last few weeks.

The hack means thousands of police officers' names are at risk of being placed in the public domain. Assistant Chief Constable Colin McFarlane said he understood how concerning the matter was. “We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP.

At this stage, it’s not believed this data includes financial information, McFarlane said. "We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioner’s Office and are doing everything we can to ensure employees are kept informed, their questions are answered and they feel supported. This is being treated extremely seriously, with a nationally led criminal investigation into the attack.”

This comes just over a month after a serious data breach at the Police Service of Northern Ireland. In that incident, surnames and initials of 10,000 police employees were accidentally included in a response to a Freedom of Information request. The details were then published online before being removed. 

Paul Holland, CEO of Beyond Encryption commented “While the details of this incident are yet to be revealed, it is of great concern that we’re seeing another attack impact the police force so recently after the data breach suffered by the PSNI, placing the personal information of police officers at risk yet again..."

Knowing that the identities of undercover officers are now in the hands of unknown threat actors is an unacceptable breach of policing staff trust, and could be dangerous for both them and the citizens they protect.

"Organisations must ensure that they have robust safeguarding measures in place to mitigate these attacks in future or we risk more personal data falling into the wrong hands.” Holland concluded.

Last month, the Metropolitan Police was also put on alert after a similar security breach involving one of its suppliers. Ed Gibson, a former FBI investigator who also headed cyber security at Microsoft UK, said any report of hacking of law enforcement data was "extremely worrying". "You don't want this stuff falling into the wrong hands," he added.

Gibson advises that any company facing a ransom demand should "get it investigated, don't pay up". This kind of extortion is very lucrative for criminals, he said, adding: "It used to be a horse's head in the bed now it's an email to your IT department."

Greater Manchester Police:     BBC:     Guardian:     Sky:    Metro:     Independent:     Punch

You Might Also Read: 

Manchester University Hacked:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Driving LGBTQ+ Change From Within
The Slots Fall Silent »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Indelible Data

Indelible Data

Indelible Data is an established information security and technology consultancy and a Cyber Essentials Certification Body.

CERT.GOV.AZ

CERT.GOV.AZ

Azerbaijan Government Computer Incident Response Team

Centripetal Networks

Centripetal Networks

Centripetal Networks was founded with one vision - to protect networks from advanced threats by simplifying intelligence-driven security.

Snyk

Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world.

National Cyber and Information Security Agency (NUKIB) - Czech Republic

National Cyber and Information Security Agency (NUKIB) - Czech Republic

NUKIB is the central Czech government body for cyber security, the protection of classified information in the area of information and communication systems and cryptographic protection.

PrivateVPN

PrivateVPN

PrivateVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Calero Software

Calero Software

Calero is a leading global provider of Communications and Cloud Lifecycle Management (CLM) solutions designed to simplify the management of voice, mobile and other unified communications services.

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) undertakes cyber security research and plays a leading role in securing Pakistan’s Cyberspace.

CyberSwarm

CyberSwarm

CyberSwarm is developing a neuromorphic System-on-a-Chip dedicated to cybersecurity which helps organizations secure communication between connected devices and protect critical business assets.

Tehtris

Tehtris

TEHTRIS XDR Platform was developed to control and improve the IT security of private and public companies against advanced cyber threats such as cyber espionage or cyber sabotage activities.

SafeStack Academy

SafeStack Academy

SafeStack Academy is an online cyber security and privacy education platform. Our content is designed by experts to suit small businesses, growing companies, and development teams.

ExtraHop

ExtraHop

ExtraHop's dynamic cyber defense platform uses cloud-scale AI to help enterprises detect and respond to advanced threats - before they compromise your business.

Leostream

Leostream

Leostream's Remote Desktop Access Platform enables seamless work-from-anywhere flexibility while maintaining security and constant visibility of users.

Positiwise Software Pvt Ltd

Positiwise Software Pvt Ltd

Positiwise Software offers end-to-end software development solutions to accelerate the digital growth of businesses.

Cyber Guards

Cyber Guards

Cyber Guards provide comprehensive, turn-key cyber security programs for small and mid-size business for about the cost of one full-time cybersecurity hire.

Cyberhill Partners

Cyberhill Partners

Cyberhill is a professional engineering services firm solving complex software implementation and integration challenges.