Greater Manchester Police officers suffer major data hack

Greater Manchester Police officers have allegedly had their warrant card details stolen in a major data breach, the Manchester Evening News reported.

According to the paper, the hack was intended for a third-party company employed to produce its warrant cards.

The force, which deploys over 8,000 officers, confirmed that information about its employees had been subjected to a data breach.

Financial details and home addresses are not among the dataset, the police believe, but data from warrant badges including names, ranks and photographs may have been accessed.

The National Crime Agency is understood to be investigating.

Assistant chief constable Colin McFarlane of Greater Manchester Police said: “We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP.

“At this stage, it’s not believed this data includes financial information.

“We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioners Office and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported.

“This is being treated extremely seriously, with a nationally led criminal investigation into the attack.”

According to Anne Cutler, cybersecurity evangelist at Keeper Security, who commented on the data breach, there is an inherent risk involved anytime a company outsources and entrusts sensitive information with third-party providers.

“When the organisation does not own and operate the infrastructure that holds these resources, it not only lacks control, but it has reduced visibility in the event of an emergency such as a data breach like this.

“This particular data leak serves as yet another reminder of why everyone must make cybersecurity a priority. Those impacted in this breach should take proactive steps to protect themselves from cybercriminals who may aim to use their personal information for identity theft and targeted attacks.”

Cutler recommended signing up for identity theft protection services and changing the passwords for all online accounts.

Erfan Shadabi, cybersecurity expert at comforte AG also said that law enforcement needs to take a data-centric approach: “This means placing data at the centre of cybersecurity efforts, rather than relying solely on perimeter defenses.”

To read more stories on cyber security, click here