Personal information of employees of the Greater Manchester Police (GMP) was hacked Thursday in a ransomware attack, the force has confirmed. The hackers targeted a third-party firm in Stockport that makes ID cards, and which holds information on GMP employees.
“We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP,” said ACC Colin McFarlane of Greater Manchester Police.
“At this stage, it’s not believed this data includes financial information. We understand how concerning this is for our employees so, as we work to understand any impact on GMP.”
The attack has been reported to the Information Commissioner’s Office (ICO).
“This is being treated extremely seriously, with a nationally-led criminal investigation into the attack,” Colin McFarlane added.
“Police officers and staff expect their information to be kept secure, and are right to be concerned when that doesn’t happen. This incident has been reported to us, and we’ll now be looking into what happened, and asking questions on behalf of anyone affected” said Elizabeth Baxter, Head of Cyber Investigations at the ICO.
Other police data breaches
The GMP is the second UK police force in a fortnight to be affected by a cyberattack.
In late August, London’s Metropolitan Police suffered a suspected breach when the force noticed an unauthorised access to the IT system of one of its suppliers.
Names of officers, ranks, photos, vetting levels and pay numbers were believed to have been leaked in the breach. Rick Prior, Vice Chair of the Metropolitan Police Federation (MPF) said it could do “incalculable damage”.
“This is being treated extremely seriously, with a nationally-led criminal investigation into the attack.”ACC Colin McFarlane of Greater Manchester Police
UK’s Norfolk and Suffolk police and the Police Service of Northern Ireland also suffered serious data breaches this summer. Personal information on each force’s officers was leaked. These breaches occurred due to failings while responding to Freedom of Information requests, rather than cyberattacks.
In the Norfolk and Suffolk case, identifiable information on a total of 1,230 victims, witnesses, and suspects, was also leaked. Data included descriptions of offences, and was related to a range of offences, including domestic incidents, sexual offences, assaults, thefts and hate crime.