'Thousands' of police officers' details exposed in third-party hack

A supplier for Greater Manchester Police has been hit with ransomware

Tom Allen
clock • 2 min read
Greater Manchester Police is one of Britain's largest forces, with sizeable covert and counter-terrorism units
Image:

Greater Manchester Police is one of Britain's largest forces, with sizeable covert and counter-terrorism units

One of the largest police forces in Britain is working to contain the effects of a cyberattack that has exposed the personal information of "thousands" of officers.

Greater Manchester Police, which employs more than 8,000 officers, has said a third-party supplier has been breached in a ransomware attack.

The breach has exposed the details of officers' name badges, which includes their ranks, photographs and serial numbers.

Financial information is not understood to have been part of the stolen data.

The force says it is taking the situation "extremely seriously," and the National Crime Agency has launched an investigation into the incident.

Assistant chief constable Colin McFarlane said: "We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP. At this stage, it's not believed this data includes financial information.

"We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioner's Office and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported.

"This is being treated extremely seriously, with a nationally led criminal investigation into the attack."

Although no personal information has been published online yet, having it stolen still represents a risk for officers.

Greater Manchester Police has numerous officers in undercover and counter-terrorism roles, all of whom rely on secrecy.

Raj Samani, SVP and chief scientist at Rapid7, said: "The exposure of sensitive information such as the identities of undercover officers can jeopardise criminal cases, and at worst, endanger officers' lives. Therefore, it is even more important that supply chains are secured."

Public sentiment towards the police, especially trust, was already at a low point before recent data breaches.

This is the fifth data breach in policing in the last two months, with others affecting services in Northern Ireland; Cumbria; Norfolk & Suffolk; and the Metropolitan Police.

The Ministry of Defence suffered a similar breach earlier this month, when one of its own suppliers was attacked.

Jake Moore, global security advisor at ESET, said: 

"Once again, we find another data leak with harrowing consequences affecting police officers and staff. Cybercriminals will attack all links in the chain for a weak link and if this involves a small company used to make ID cards then this firm will require the same security as the force in question.

"Many businesses in the police's supply chain will handle extremely sensitive data but it is imperative that they are checked not only in terms of vetting but in terms of security protocols as well. When dealing with this level of sensitive information that could cause huge knock-on effects it is vital that they are protected to the highest possible standard."

You may also like
Microsoft can't guarantee UK data sovereignty

Police

UK policing data may be transferred overseas

clock 24 June 2024 • 3 min read
UK gym chain Total Fitness leaks personal images online

Hacking

Other leaked data includes ID documents, payment information and phone numbers

clock 18 June 2024 • 2 min read
Cyber gang shifts focus to SaaS apps

Security

‘Scattered Spider’ is targeting vSphere, Salesforce, Crowdstrike and more

clock 18 June 2024 • 2 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Hacking

UK gym chain Total Fitness leaks personal images online

UK gym chain Total Fitness leaks personal images online

Other leaked data includes ID documents, payment information and phone numbers

Vikki Davies
clock 18 June 2024 • 2 min read
Dutch NCSC warns of ongoing Chinese FortiGate attacks

Dutch NCSC warns of ongoing Chinese FortiGate attacks

About 14,000 firewalls breached before Fortinet knew about the flaw

clock 14 June 2024 • 3 min read
Pure Storage says attackers broke into a Snowflake environment

Pure Storage says attackers broke into a Snowflake environment

But no sensitive data was compromised

clock 13 June 2024 • 2 min read