Supplier had been commissioned to produce microchipped warrant cards and passes for 47,000 staff and officers
A supplier to the Metropolitan Police has experienced unauthorised access to personal data on police officers and civilian staff, including names, ranks, photos, vetting levels, and pay data, the force said.
The force said it has taken security measures and reported the incident to the National Crime Agency and the Information Commissioner’s Office. The data does not include addresses, phone numbers or financial details.
According to The Sun, the supplier had been commissioned to produce microchipped warrant cards and passes for all 47,000 staff and officers, replacing ones produced in-house after security incidents using forged police documents. It reported that the force had spent £467,587 on the documents.
The Metropolitan Police Federation, which represents officers in the capital, said the breach should never have happened. “The men and women I represent are justifiably disgusted by this breach,” said Rick Prior, the federation’s vice-chair. “We will be working with the force to mitigate the dangers and risks this disclosure could have on our colleagues. And will be holding the Metropolitan Police to account for what has happened.”
The data breach is the third concerning the police this August. The first saw the Police Service of Northern Ireland accidentally publish a spreadsheet with the names, ranks, units or departments and office locations of all of its 10,000 officers and staff in response to a Freedom of Information request.
Chief constable Simon Byrne said that the force was confident that the workforce data was in the hands of dissident Republicans: “It is now a planning assumption that they will use this list to generate fear and uncertainty as well as intimidating or targeting officers and staff,” he said. The force has since made two arrests, one on suspicion of collection of information likely to be useful to terrorists and another under the Terrorism Act.
The second breach by the Norfolk and Suffolk constabularies also involved Freedom of Information disclosures, with sensitive personal data on 1,230 victims, witnesses and suspects accidentally included within files published from April 2021 to March 2022. The forces said the data would be hidden from those opening the files, but they will contact everyone affected.