The personal details of police officers have been compromised following a cyber attack on a Stockport based ID card manufacturing company. The company holds data on various UK organizations including some personnel employed by Greater Manchester Police (GMP).
The GMP confirmed there had indeed been a ransomware attack, suggesting the potential risk of thousands of police officers’ names being exposed to the public. While the names of many officers are publicly available, the issue of grave concern is the possible unmasking of undercover officers’ identities.
Assistant Chief Constable Colin McFarlane expressed understanding on the level of concern raised. He clarified that, currently, there was no belief the compromised data included any financial information. He said, “We have informed the Information Commissioner’s Office and are doing everything possible to ensure employees are kept updated, get their questions answered, and feel supported. This incident is being treated with extreme severity, and a nationally-led criminal investigation into the attack has been initiated.”
The leading authority in the investigation has been confirmed as the National Crime Agency.
This alarming incident took place just over a month after a significant data breach within the Police Service of Northern Ireland. In that occurrence, surnames and initials of 10,000 police employees were unintentionally included in a response to a Freedom of Information request and were subsequently published online before being removed.
The Metropolitan Police too were put on guard last month after a similar security breach involving one of their suppliers came to light.
Former FBI investigator, Ed Gibson, who has also led cyber security at Microsoft UK, labeled any hacking report of law enforcement data as “extremely worrying”. He cautioned against falling into the trap of complying with a ransom demand and instead suggested getting the situation investigated.
Mike Peake, chairman of Greater Manchester Police Federation, expressed his concerns about the possible leaking of personal details in such a fashion and conceded that it had understandably caused anxiety among many officers. He assured that work was being done to minimize the risks this breach could pose on their colleagues.
Elizabeth Baxter, head of cyber investigations at the Information Commissioner’s Office, reiterated that police officers and staff were justified in expecting their information to be securely managed. She said, “The incident has been reported to us, and we will be conducting an investigation into what transpired, and raising questions on behalf of those affected.”