Police data breach: 20,000 data points 'at risk'

Last month's attack could have unveiled officers' names and photos

Police data breach: 20,000 data points 'at risk'

A ransomware attack on a third party supplier last month may have revealed a swathe of information on active police staff, a senior officer has said.

Digital ID, a Stockport-based firm that makes ID cards for several police organisations in the UK, was the victim of a ransomware attack last month.

Lee Rawlinson, chief resource officer at Greater Manchester Police (GMP), which is a customer, has told a public meeting it was a "very serious event."

"Several" forces and government departments have been affected, he added, including the Metropolitan Police.

The data breach occurred last month, although was only announced recently, and the National Crime Agency is investigating.

At this stage, it is not known what information has actually been stolen, with Rawlinson referring to it as "potentially" gone.

"I think around 20,000-plus details had been potentially at risk. I say potentially, because we're still waiting for the company that has been breached to get as much detail of what actually has gone to us."

He said the data is "relatively low-risk." It doesn't include financial details, but "it does pertain to some officers' names and in some cases photo identification."

The Local Democracy Reporting Service has asked Rawlinson to clarify whether the 20,000 details he referred to relate only to GMP, or to other forces and departments.

While schools are traditionally warned about cybersecurity during September, the last two months have proven even more dangerous for the police.

Forces around the country have suffered data breaches, with thousands of officers' details exposed or going missing.

Victims include the Metropolitan Police, Police Service Northern Ireland, Cumbria Police and Norfolk and Suffolk Police.