Geo Focus: The United Kingdom , Geo-Specific

Greater Manchester Police Caught Up in Ransomware Hack

Employee Information Among Compromised Data
Greater Manchester Police Caught Up in Ransomware Hack
Two Greater Manchester Police officers on patrol on Jan. 31, 2020 (Image: Shutterstock)

Hackers stole the personal details of thousands of British police officers and staff in a ransomware attack that swept up one of the United Kingdom's largest law enforcement agencies.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

The Greater Manchester Police on Thursday described the attack as targeting a third-party supplier of various organizations, including the GMP. The agency patrols the northern city and its suburban satellite cities, an area of 500 square miles that is home to approximately 2.8 million people.

"At this stage, it's not believed this data includes financial information," said Colin McFarlane, assistant chief constable of Greater Manchester Police. "This is being treated extremely seriously."

A Wednesday missive to staff reported by the Manchester Evening News said an investigation had established that hackers may have taken badges including names, ranks, photos and serial numbers. A subset of the photos contained geolocation data embedded in them.

The agency has notified the U.K.'s Information Commissioner's Office. In an emailed statement, the National Cyber Security Center said it is currently working with other law enforcement agencies to "understand the impact of a cyber incident."

Thursday's hack is the latest in a series of incidents that resulted in breaches of personal data across British law enforcement.

London’s Metropolitan Police in late August faced a similar situation as its northern counterpart, acknowledging that a security breach at a third party had leaked names, ranks, photos, vetting levels and pay numbers for officers and staff. The police force said it has strengthened security measures.

In mid-August, the constabularies of Norfolk and Suffolk inadvertently exposed information of 1,230 individuals. Prior to that, the Police Service of Northern Ireland disclosed details of 10,000 officers and staff after it had accidentally posted an online spreadsheet containing the first initials and surnames, roles and locations of its staff (see: Northern Ireland Police at Risk After Serious Data Breach).

Security and privacy experts warned that extremist republican paramilitaries could use the information to target police officers and employees.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.