A ransomware attack on a third-party provider to Greater Manchester Police (GMP) has exposed the personal data of more UK police officers.
The attackers are believed to have targeted a company in Stockport, near Manchester, UK, which manufactures ID cards for various organizations including GMP. It therefore contains personal information about staff working at GMP, which recently celebrated the employment of more than 8,000 police officers for the first time.
There are now fears that the names of police officers, including those working undercover or in sensitive areas such as surveillance and intelligence, could be made public.
ACC Colin McFarlane of Greater Manchester Police said the incident was being treated “extremely seriously”, and a national criminal investigation was underway.
“We understand how concerning this is for our employees. As we work to understand any impact on GMP, we have contacted the Information Commissioners Office and are doing all we can to ensure employees are kept informed, their questions are answered and they feel supported “, commented McFarlane.
It is not believed at this stage that the attackers had access to financial data.
British police suffer multiple data breaches
The incident occurred shortly after a accidental leak personal data of police officers and civilian staff working at the Police Service of Northern Ireland (PSNI) following a Freedom of Information (FoI) request in August. This information included the names and initials of current department employees, their rank or grade, and the location and department in which they work.
Experts stress that revealing the identity of the police officers could have serious consequences, because these individuals potential targets for terrorists and other criminal groups.
Commenting on this story, Jake Moore, global security advisor at ESET and former cybersecurity advisor to Dorset Police, said the impact of the breach on officers and staff could be “heartbreaking”.
He added that the attack demonstrates that critical public sector organizations like the police must carefully review the security of all third-party providers and focus on their own internal measures.
“Many companies in the police supply chain deal with extremely sensitive data, but it is imperative that this is controlled not only in terms of controls, but also in terms of security protocols. When dealing with this level of sensitive information that could have enormous repercussions, it is essential that it is protected to the highest possible standards,” Moore said.
In another recent UK police data breach case, the information of more than 1,000 people, including crime victims, was breached. accidentally exposed by Norfolk and Suffolk Police.