After revelations of a cyber breach at a key supplier, regulators and representative bodies have warned that officers have cause to be concerned about the safety of their personal data
The sensitive personal data of Greater Manchester Police officers may be at risk after a ransomware attack on a supplier that provides the force with ID cards.
The breach was revealed yesterday in a statement from Greater Manchester Police, which provided little additional detail about the details or impact of the incident other than an assertion that the force does not believe financial data was compromised. The force indicated that data-protection regulator the Information Commissioner’s Office has been alerted.
It has emerged that the National Crime Agency is leading the investigation into the attack – which is now also understood to be the same incident that led to London’s Metropolitan Police Service last month reporting that it had suffered a data breach. The incident comprised an attack on Digital ID – a Stockport-based firm that specialises in ID cards, as well as printers and related services. The company is also reported to count NHS bodies and universities among its customers.
Related content
- Officers pose as attackers for hire as NCA doubles number of ‘major cyber disruptions’ in FY23
- Data offered for sale after ransomware attack on Scottish university
- Home Office preps Plan B to ensure continuity of UK police database
Greater Manchester Police assistant chief constable Colin McFarlane said: “We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP. At this stage, it’s not believed this data includes financial information. We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioner’s Office and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported. This is being treated extremely seriously, with a nationally led criminal investigation into the attack.”
GMP employs almost 13,000 people in total, including upwards of 8,000 serving officers. The Met Police, meanwhile, has a roster of about 34,000 officers and 10,000 other staff.
Mike Peake, chair of the Greater Manchester branch of officers’ representative body the Police Federation, said that, following news of the breach, many serving the police on the frontline and elsewhere will be worried about the safety of their personal data.
“Our colleagues are undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe,” he said. “To have any personal details potentially leaked out into the public domain in this manner – for all to possibly see – will understandably cause many officers concern and anxiety. We are working with the force to mitigate the dangers and risks that this breach could have on our colleagues.”
The ICO’s head of cyber investigations Elizabeth Baxter also acknowledged the concern that police officers are likely to be feeling.
“Police officers and staff expect their information to be kept secure, and are right to be concerned when that doesn’t happen,” she said. “This incident has been reported to us, and we’ll now be looking into what happened, and asking questions on behalf of anyone affected. Organisations must look after employee information, particularly in sectors where the impact of a data breach could be greater. The ICO works to support organisations to get this right so people can feel confident that their information is secure.”
The breach that has affected forces in London and Manchester – and possible others – comes shortly after the Police Service of Northern Ireland revealed that it had accidentally published the personal data of about 10,000 officers and other employees, in a breach that the Police Federation said could cause “incalculable damage”. Chief constable Simon Byrne has since resigned from his role.
