The personal details of Greater Manchester Police (GMP) officers have been hacked after the force was targeted in a cyber attack.
Though GMP has confirmed no home address or financial information was stolen, details on warrant cards and identity badges 鈥 including names and photos of individuals and police collar numbers or identity numbers 鈥 were stolen from the force鈥檚 supplier of ID badges, says the BBC.
鈥淓xtremely Seriously鈥
A third-party supplier of ID badges for the Northwest police force has been targeted in a cyber 鈥榬ansomware attack鈥.
GMP has stated that the National Crime Agency, with Assistant Chief Constable Colin McFarlane confirming that a 鈥渢hird-party supplier鈥 of various organisations in addition to the GMP was targeted.
鈥淎t this stage, it鈥檚 not believed this data includes financial information,鈥 he said.
鈥淭his is being treated extremely seriously, with a nationally-led criminal investigation into the attack.鈥
Commenting on this story is Brad Freeman, Director of Technology at听SenseOn, told Techround: 鈥Another day, another data breach for the British police force. The latest attack on the Greater Manchester Police shows that supply chain security is becoming increasingly difficult, and whilst enterprises have been struggling with it for several years, many have gripped it and the improvements many have put in place are reducing risk.鈥
鈥淓vidently, there is a need for all organisations to audit suppliers constantly and to create an overall consistent approach to data security. Whilst the financial details and home addresses of the police officers are believed to have not been retrieved in the incident, it is concerning that the data from the warrant badges is currently in the possession of the cybercriminals. This could enable the adversaries to carry out further attacks such as account takeover or BEC attacks.鈥
More from News
- From Workouts To Managing Jetlag: The British Tech Scale-Up That Just Hit One Million Users Globally Appoints New CEO
- Hackers Tricked Instagram鈥檚 AI To Leak Your Log In Details 鈥 How Can Users Stay Protected?
- New Research Reveals The UK鈥檚 Top 10 鈥淔uture-Ready鈥 Cities
- New Research Shows How Elections Are Impacting The Job Market 鈥 Here鈥檚 How
- Is London Becoming The World鈥檚 Next AI Capital?
- Google鈥檚 AI Can鈥檛 Even Spell 鈥淕oogle鈥 鈥 So Why Is It Replacing Search?
- Will AI Labels Actually Save YouTube From AI Slop?
- The Rise Of 鈥淣ew Brand鈥 Cybercrime Groups And The Business Of Ransomware
A Source of Anxiety
The GMP force, like many others, uses covert officers and has a sizeable counter-terror unit.
GMP Federation chair Mike Peake says the leak is a source of 鈥渁nxiety鈥 for officers.
鈥淥ur colleagues are undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe,鈥 Mr Peake said.
鈥淭o have any personal details potentially leaked out into the public domain in this manner 鈥 for all to possibly see 鈥 will understandably cause many officers concern and anxiety.鈥
鈥淲e are working with the force to mitigate the dangers and risks that this breach could have on our colleagues.鈥
This latest attack comes within six weeks of two other police forces having their data leaked.
Also commenting on this story is Brian Higgins, Security Specialist at听Comparitech, told Techround: 鈥This breach is an all too familiar successful Supply Chain attack, either associated with or a copycat of the recent breach of the Metropolitan Police warrant card provider. It鈥檚 easy to forget that your Network extends far beyond your core business. Your suppliers, partners and clients are all plugged into your business in some way or another and attackers are well aware of the potential vulnerabilities and incursion opportunities these digital relationships present.
鈥淭he case for all Law Enforcement agencies to target-harden wherever possible has been a strong one for some time now as it鈥檚 not implausible that recent data leaks and thefts of Police information may well have raised awareness of the value of such data in criminal marketplaces. Knowing this personal information is in the wild must be incredibly stressful for those affected, their families and loved ones, and it is no secret that in some cases its dissemination represents a significant threat to life. It is to be hoped that they are getting the help and protection that they need.鈥
鈥淎s for every organisation seeking to learn from this incident, it鈥檚 good practice to include some form of baseline Cyber Security requirement in supplier contracts, and influence them to do the same (it is a chain after all) so reviewing and adding something as basic as Cyber Essentials would be a start at least.鈥
Breaches in UK Police
In late August, London鈥檚听Metropolitan Police said it had been made aware of unauthorised entry听to the IT systems of one of its suppliers of warrant cards and staff passes, which exposed the names, ranks and vetting levels of its officers and staff.
Meanwhile, the Police Service of Northern Ireland (PSNI) was also recently left 鈥渋ncredibly vulnerable鈥 by a massive data breach in August
The breach involved the surname, initials, rank or grade, work location and departments of all PSNI staff, but did not involve the officers鈥 and civilians鈥 private addresses.
The leak came as a result of information published in response to a Freedom of Information request, which was later taken down.
The PSNI鈥檚 Assistant Chief Constable Chris Todd told the Northern Ireland Affairs Committee last week that almost 4,000 officers and staff have come forward with concerns after that data leak.
Committee chair Simon Hoare said it could potentially cost the force 拢240m in security and legal costs.
To ensure this issue doesn鈥檛 arise again in the future,听Camellia Chan, CEO and co-founder at Flexxon, told Techround:听鈥淲hile the full impact of the attack is yet to be exposed, there will undoubtedly be many officers already worrying that their personal details have been leaked. Breaches of this nature have become so common over the last few months, such as the听Met Police听补苍诲听Electoral Commission 鈥 proving that the public sector remains a key target for hackers. Attacks in this case can be motivated by both political and financial interests and are designed to cause maximum disruption to essential public services.鈥
鈥淭o defend workers and the public, there needs to be a dramatic change in the way that security is understood. Public sector organisations 鈥 and all organisations for that matter 鈥 can no longer see cybersecurity as an add-on, but as an integral part of IT systems. Technology is a greater force for good, and solutions are out there. Organisations must be proactive in assessing security gaps and addressing those with proven innovations across all layers of devices.鈥
听
