View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 14, 2023updated 17 Sep 2023 11:42pm

Greater Manchester Police suffers major data breach

A ransomware attack on a third-party vendor has exposed the personal data of hundreds of officers working for Greater Manchester Police.

By Claudia Glover

The personal data of hundreds of officers working for Greater Manchester Police has been exposed as the result of a ransomware attack against a third-party ID card supplier. According to a statement issued by the police department earlier today, the data included officers’ names, addresses and photographs. The breach is the fifth successful cyberattack on UK law enforcement agencies within the last two months. 

Exterior shot of the Greater Manchester Police offices. The force announced earlier today that it had suffered a major data breach as a result of a ransomware attack on a third-party vendor.
The offices of Greater Manchester Police. The force announced earlier today that it had suffered a major data breach as a result of a ransomware attack on a third-party vendor. (Photo by Juiced Up Media/Shutterstock)

Police officers and staff were informed of the hack yesterday. “At this stage, it’s not believed this data includes financial information,” said Assistant Chief Constable Colin McFarlane, in a statement. “We have contacted the Information Commissioner’s Office and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported. This is being treated extremely seriously, with a nationally-led criminal investigation into the attack.”

Another officer told BBC News anonymously that while the names of many officers were publicly available, there was particular concern regarding the identities of undercover officers.

The name of the third-party supplier and the specific number of those affected remain unknown.

Greater Manchester Police not alone in suffering data breach

This attack is the fifth data leak to hit a UK police force in under two months. In August, London’s Metropolitan Police Service suffered a similar breach, when hackers managed to break into the IT systems of another third-party supplier. The company had access to names, ranks, photos, vetting levels and pay numbers for officers and staff, said the force, but did not hold personal information such as addresses, phone numbers or financial details.

“To have their personal details potentially leaked out into the public domain in this manner, for all to possibly see, will cause colleagues incredible concern and anger,” said the vice-chair of the Metropolitan Police Federation, Rick Prior, at the time. “We share that sense of fury… this is a staggering security breach that should never have happened.”

This attack directly followed a data leak from Norfolk and Suffolk’s police forces, which saw the confidential data of over 1,000 citizens who had been victims of crime accidentally attached to an answer to a Freedom of Information (FOI) request. The leaked data was stored on a system used by the two police forces. In a joint statement issued at the time, they said that they had yet to find any evidence that the information had been accessed by third parties.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Earlier in August, information on a “substantial number” of the Police Service of Northern Ireland’s 10,000 staff was made public online in error as part of an FOI request. It was taken down hours later, but many staff reportedly feared that their identities being made public could have seen them become the target for paramilitary groups.

Read More: Information from PSNI data breach posted on wall opposite Sinn Féin office

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.