Criminal investigation launched into cyberattack that deleted and encrypted Police Federation data

Written by Sam Trendall on 22 March 2019 in News
News

National Crime Agency leading inquiry after malware assault

A criminal investigation has been launched after the headquarters of the Police Federation of England and Wales suffered a malware attack that deleted and encrypted portions of its backup data.

The attack, which took place on 9 March, affected “a number of databases and servers”. It disabled email services and rendered files inaccessible.

There is currently no evidence to suggest any data was “extracted or misused”. There is a low risk of any such activity being discovered, although the possibility cannot be discounted, according the federation. 


Related content


“All indications are that the malware did not spread any further than the systems based at Federation House, the organisation’s Surrey headquarters, with none of the 43 branches being directly affected,” PFEW added.

The cyber breach – which the federation does not currently believe was targeted specifically at the organisation but, rather, was part of a wider assault – was discovered via internal security systems at 7pm on the day in question. 

“We isolated the infection and took some services offline in order to minimise spread,” PFEW said. “We immediately instructed a leading forensics firm, BAE Systems, to assist with the response.”

The day after the attack, the incident was reported to the National Cyber Security Centre and the National Crime Agency – which is now leading the criminal investigation. The Information Commissioner’s Office was alerted to the breach on Monday 11 March.

PFEW, which is the statutory staff association for police constables, sergeants, inspectors, and chief inspectors across England and Wales, represents around 120,000 officers. It claimed that “various categories of individuals… including our members” were affected by the breach. Anyone impacted will be personally contacted presently, PFEW said.
PFEW national chair John Apter said: “We are deeply sorry that this has happened. The Police Federation takes data security very seriously and responded immediately on becoming alerted to this incident. Our priority has been to mitigate the damage caused by the attack and to protect the personal data of our members and others whose data we hold.”

The federation has set up a dedicated website bringing together its statement on the attack and the answers to a list of questions. At 12pm today it also launched a helpline – the number for which is 0800 358 0714 – to provide advice for anyone who has concerns.

About the author

Sam Trendall is editor of PublicTechnology

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Home Office to review data-protection set-up
15 April 2019

After two breaches inside a week, department commissions independent assessment of compliance

What are the world’s most-hacked passwords?
23 April 2019

National Cyber Security Centre research reveals the most commonly breached passwords

All police forces create cybercrime units
16 April 2019

Each of the 43 forces across England and Wales have set up dedicated tech units with £7m of government backing