Another British Police Force Leaks Confidential Data

Uploaded on 2023-09-15 in GOVERNMENT-Law Enforcement, FREE TO VIEW

The personal information about thousands of Greater Manchester Police (GMP) officers' has been hacked by a cyber attack on the Stockport company used by the police to produce the force’s warrant cards. The obvious suspicion is that the details of officers’ name badges, including their ranks, photos and serial numbers, may have been taken by hackers. 

GMP confirmed it was aware of a ransomware attack on a local company that supplies digital ID cards that was being taken “extremely seriously”. The National Crime Agency is understood to have launched an investigation into the breach, which is the third involving a large UK police force in the last few weeks.

The hack means thousands of police officers' names are at risk of being placed in the public domain. Assistant Chief Constable Colin McFarlane said he understood how concerning the matter was. “We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP.

At this stage, it’s not believed this data includes financial information, McFarlane said. "We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioner’s Office and are doing everything we can to ensure employees are kept informed, their questions are answered and they feel supported. This is being treated extremely seriously, with a nationally led criminal investigation into the attack.”

This comes just over a month after a serious data breach at the Police Service of Northern Ireland. In that incident, surnames and initials of 10,000 police employees were accidentally included in a response to a Freedom of Information request. The details were then published online before being removed. 

Paul Holland, CEO of Beyond Encryption commented “While the details of this incident are yet to be revealed, it is of great concern that we’re seeing another attack impact the police force so recently after the data breach suffered by the PSNI, placing the personal information of police officers at risk yet again..."

Knowing that the identities of undercover officers are now in the hands of unknown threat actors is an unacceptable breach of policing staff trust, and could be dangerous for both them and the citizens they protect.

"Organisations must ensure that they have robust safeguarding measures in place to mitigate these attacks in future or we risk more personal data falling into the wrong hands.” Holland concluded.

Last month, the Metropolitan Police was also put on alert after a similar security breach involving one of its suppliers. Ed Gibson, a former FBI investigator who also headed cyber security at Microsoft UK, said any report of hacking of law enforcement data was "extremely worrying". "You don't want this stuff falling into the wrong hands," he added.

Gibson advises that any company facing a ransom demand should "get it investigated, don't pay up". This kind of extortion is very lucrative for criminals, he said, adding: "It used to be a horse's head in the bed now it's an email to your IT department."

Greater Manchester Police:     BBC:     Guardian:     Sky:    Metro:     Independent:     Punch

You Might Also Read: 

Manchester University Hacked:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Driving LGBTQ+ Change From Within
The Slots Fall Silent »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Micron Technology

Micron Technology

Micron is a global leader in the semiconductor industry providing memory and secure storage devices for Networks, Mobile devices and IoT applications.

HYAS Infosec

HYAS Infosec

HYAS is a highly skilled information security firm developing the next generation of information security technology.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Cybersecurity Collaboration Forum

Cybersecurity Collaboration Forum

The mission of the Cybersecurity Collaboration Forum is to foster information security communication and idea sharing across the C-Suite, enabling leaders to better protect their enterprises.

McIntyre Associates

McIntyre Associates

McIntyre Associates is an Executive Search boutique specialized in recruiting for the Cybersecurity industry. Our clients range from Venture Capital backed startups to Fortune 100 companies.

SterlingRisk Programs

SterlingRisk Programs

SterlingRisk’s Cyber practice brings experience working with a wide array of clients across a broad spectrum of industries.

Fluid Attacks

Fluid Attacks

Fluid Attacks specialize in red team operations as well as technology development that continuously enhance our security testing services.

Secureframe

Secureframe

Companies from startups to enterprises use Secureframe to automate SOC 2 and ISO 27001 compliance, complete audits, and continuously monitor their security.

SIA Group

SIA Group

SIA Group, an Indra company, combines Consulting, Systems Integration and Managed Services in four specialized business areas: Information Security, Storage, IT Management and IT Mobility.

European Center for CyberSecurity in Aviation (ECCSA)

European Center for CyberSecurity in Aviation (ECCSA)

ECCSA is a cooperative partnership within the aviation community to better understand emerging cybersecurity risks in aviation and provide collective support in dealing with cybersecurity incidents.

mxHERO

mxHERO

mxHERO reduces the risks inherent with ransom and cyber-security threats specific to email.

Polestar Industrial IT

Polestar Industrial IT

Polestar work on both sides of the IT & OT divide. Network, Data & Asset Security is our priority. Polestar installations are robust and resilient and comply with the appropriate security.

Virtual Technologies Group (VTG)

Virtual Technologies Group (VTG)

Virtual Technologies Group is a single source, IT product and services provider for SMBs and IT departments, delivering reliable, cost-efficient service, maintenance and support solutions.

Karate Labs

Karate Labs

Karate is an open-source unified test automation platform combining API testing, API performance testing, API mocks & UI testing.

Security Discovery

Security Discovery

Stay ahead of cyber threats with Security Discovery. We offer expert consulting, comprehensive services, and a powerful vulnerability monitoring SaaS platform.

Styx Intelligence

Styx Intelligence

Styx Intelligence’s platform provides visibility and supports remediation against threats targeting your digital assets.