'Thousands' of police officers' details exposed in third-party hack
A supplier for Greater Manchester Police has been hit with ransomware
One of the largest police forces in Britain is working to contain the effects of a cyberattack that has exposed the personal information of "thousands" of officers.
Greater Manchester Police, which employs more than 8,000 officers, has said a third-party supplier has been breached in a ransomware attack.
The breach has exposed the details of officers' name badges, which includes their ranks, photographs and serial numbers.
Financial information is not understood to have been part of the stolen data.
The force says it is taking the situation "extremely seriously," and the National Crime Agency has launched an investigation into the incident.
Assistant chief constable Colin McFarlane said: "We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP. At this stage, it's not believed this data includes financial information.
"We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioner's Office and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported.
"This is being treated extremely seriously, with a nationally led criminal investigation into the attack."
Although no personal information has been published online yet, having it stolen still represents a risk for officers.
Greater Manchester Police has numerous officers in undercover and counter-terrorism roles, all of whom rely on secrecy.
Raj Samani, SVP and chief scientist at Rapid7, said: "The exposure of sensitive information such as the identities of undercover officers can jeopardise criminal cases, and at worst, endanger officers' lives. Therefore, it is even more important that supply chains are secured."
Public sentiment towards the police, especially trust, was already at a low point before recent data breaches.
This is the fifth data breach in policing in the last two months, with others affecting services in Northern Ireland; Cumbria; Norfolk & Suffolk; and the Metropolitan Police.
The Ministry of Defence suffered a similar breach earlier this month, when one of its own suppliers was attacked.
Jake Moore, global security advisor at ESET, said:
"Once again, we find another data leak with harrowing consequences affecting police officers and staff. Cybercriminals will attack all links in the chain for a weak link and if this involves a small company used to make ID cards then this firm will require the same security as the force in question.
"Many businesses in the police's supply chain will handle extremely sensitive data but it is imperative that they are checked not only in terms of vetting but in terms of security protocols as well. When dealing with this level of sensitive information that could cause huge knock-on effects it is vital that they are protected to the highest possible standard."