The personal details of Greater Manchester Police (GMP) officers and staff are the latest to be hacked in an apparent ransomware attack.
Details on warrant cards and identity badges, including names, photos of individuals and police collar numbers or identity numbers, were stolen from the force’s supplier of ID badges, Stockport’s Digital ID.
The latest attack comes just weeks after the details of Metropolitan Police staff were targeted in a hack at the same firm.
Assistant Chief Constable Colin McFarlane said in a statement: “We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP. At this stage, it’s not believed this data includes financial information,” he said. “We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioners Office and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported. This is being treated extremely seriously, with a nationally-led criminal investigation into the attack.”
The force, one of the biggest in the UK, has a sizeable counter-terror unit and many undercover officers.
A Digital ID spokesperson said: “Last month, we identified an IT security incident that affected the company’s systems. We quickly engaged specialist external cyber and forensic consultants to conduct an investigation into the impact of this incident and the data that may be involved; this investigation remains ongoing.”
GMP Federation chair Mike Peake added: “Our colleagues are undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe. To have any personal details potentially leaked out into the public domain in this manner – for all to possibly see – will understandably cause many officers concern and anxiety.
“We are working with the force to mitigate the dangers and risks that this breach could have on our colleagues.”
Elizabeth Baxter, head of cyber investigations at the ICO, confirmed the organisation was investigating the latest leak: “This incident has been reported to us, and we’ll now be looking into what happened, and asking questions on behalf of anyone affected,” she said.
