Uh-oh, yet another UK police force has suffered a serious data breach.
After the incidents involving Cumbria Police, Norfolk and Suffolk Police, and – perhaps worst of all – the PSNI in Northern Ireland, it’s now Greater Manchester Police finding itself in the hot seat.
According to a brief statement on its website, Greater Manchester Police (GMP) says a third-party supplier has been hit by a ransomware attack, which has resulted in data of it and other UK organisations being compromised.
BBC News goes into more detail, explaining that the supplier produced ID badges for GMP staff.
The significance of that? Thousands of police officers’ names now could be in the public domain – a particular problem for those whose identities are more sensitive due to the undercover work they do.
Once again, an organisation is learning that it’s not enough to have strong defences for your own infrastructure to prevent hackers from stealing data. It’s also necessary to ensure that any suppliers or partners who you grant access to your data are similarly well protected.
Greater Manchester Police says it has informed the Information Commissioner’s Office (ICO) about the incident.
August’s data breach involving all 10,000 of Northern Ireland’s police service also involved the personal details of serving police officers and staff, exposed through a spreadsheet that carelessly included their names, ranks, and where they were based – putting their personal safety at risk.
The sensitive list was later confirmed by the police to be in the hands of dissident republicans, amongst others.
In total four arrests have so far been made in Northern Ireland related to the data breach, with one man charged with having articles for use in terrorism.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
About Author
