Greater Manchester Police Caught Up in Ransomware HackEmployee Information Among Compromised Data
Hackers stole the personal details of thousands of British police officers and staff in a ransomware attack that swept up one of the United Kingdom's largest law enforcement agencies.
The Greater Manchester Police on Thursday described the attack as targeting a third-party supplier of various organizations, including the GMP. The agency patrols the northern city and its suburban satellite cities, an area of 500 square miles that is home to approximately 2.8 million people.
"At this stage, it's not believed this data includes financial information," said Colin McFarlane, assistant chief constable of Greater Manchester Police. "This is being treated extremely seriously."
A Wednesday missive to staff reported by the Manchester Evening News said an investigation had established that hackers may have taken badges including names, ranks, photos and serial numbers. A subset of the photos contained geolocation data embedded in them.
The agency has notified the U.K.'s Information Commissioner's Office. In an emailed statement, the National Cyber Security Center said it is currently working with other law enforcement agencies to "understand the impact of a cyber incident."
Thursday's hack is the latest in a series of incidents that resulted in breaches of personal data across British law enforcement.
London’s Metropolitan Police in late August faced a similar situation as its northern counterpart, acknowledging that a security breach at a third party had leaked names, ranks, photos, vetting levels and pay numbers for officers and staff. The police force said it has strengthened security measures.
In mid-August, the constabularies of Norfolk and Suffolk inadvertently exposed information of 1,230 individuals. Prior to that, the Police Service of Northern Ireland disclosed details of 10,000 officers and staff after it had accidentally posted an online spreadsheet containing the first initials and surnames, roles and locations of its staff (see: Northern Ireland Police at Risk After Serious Data Breach).
Security and privacy experts warned that extremist republican paramilitaries could use the information to target police officers and employees.