UK Police Department Affected by Ransomware Attack
The Greater Manchester Police (GMP) in the United Kingdom has confirmed that a ransomware attack targeting a third-party supplier has impacted the personal information of some of its employees.
The affected organization, which remains unnamed in the official statement, provides services not only to GMP but also to other organizations across the country.
GMP has stated that they do not believe the compromised systems contain any financial information belonging to their employees.
Assistant Chief Constable Colin McFarlane has acknowledged the ransomware attack, stating, “We are aware of a ransomware attack affecting a third-party supplier of various UK organizations, including GMP, which holds some information on those employed by GMP” (source).
However, McFarlane did not disclose the specific types of information that may have been compromised in the breach.
McFarlane reassured employees that GMP is taking the breach seriously and has contacted the Information Commissioners Office to address the situation. They are committed to keeping employees informed, addressing their concerns, and providing support throughout this process.
It is important to note that this ransomware attack and subsequent data breach are currently under investigation as part of a national-level criminal investigation.
Similar Breaches in the UK
This incident follows a similar breach at the Police Service of Northern Ireland (PSNI) a month ago, where personally identifiable information (PII), ranks, and locations of 10,000 police officers were exposed (source).
Furthermore, the Metropolitan Police (Met) recently reported a breach in which hackers gained unauthorized access to the IT system of one of its suppliers. This breach resulted in the exposure of names, ranks, photos, vetting levels, and pay numbers of 47,000 police officers and staff (source).
The third-party affected in the Met incident was identified as ‘Digital ID,’ a Stockport-based ID card and access pass maker. The company confirmed the security incident but has not provided additional details (source).
There is a strong possibility that the GMP breach is connected to the Digital ID incident, given the company’s extensive business reach. It is likely that other UK police departments will announce similar data breaches in the near future.