The personal details of Greater Manchester Police (GMP) officers have been hacked after the force was targeted in a cyber attack.
Details on warrant cards and identity badges – including names, photos of individuals and police collar numbers or identity numbers – were stolen from the force’s supplier of ID badges, Digital ID.
GMP said no home addresses of officers or any financial information about individuals had been stolen and that the National Crime Agency is leading the investigation.
Assistant Chief Constable Colin McFarlane confirmed a “third-party supplier” of various organisations – including GMP – has been targeted.
“At this stage, it’s not believed this data includes financial information,” he said.
“We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioners Office (ICO) and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported.
“This is being treated extremely seriously, with a nationally-led criminal investigation into the attack.”
The force, like many others, uses covert officers and has a sizeable counter-terror unit.
A Digital ID spokesperson said: “Last month, we identified an IT security incident that affected the company’s systems.
“We quickly engaged specialist external cyber and forensic consultants to conduct an investigation into the impact of this incident and the data that may be involved; this investigation remains ongoing.”
Read more:
Miscarriages of justice body to review handling of wrongful rape conviction
Investigation launched into woman’s claim she was sexually assaulted in custody
GMP Federation chair Mike Peake says the leak is a source of “anxiety” for officers.
“Our colleagues are undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe,” he said.
“To have any personal details potentially leaked out into the public domain in this manner – for all to possibly see – will understandably cause many officers concern and anxiety.
“We are working with the force to mitigate the dangers and risks that this breach could have on our colleagues.”
‘Right to be concerned’
Elizabeth Baxter, head of cyber investigations at the ICO, said police officers expect their information to be kept secure and are “right to be concerned” when that doesn’t happen.
“This incident has been reported to us, and we’ll now be looking into what happened, and asking questions on behalf of anyone affected,” she added.
It comes after officers at two other police forces had their data leaked within the past six weeks.
In late August, London’s Metropolitan Police said it had been made aware of unauthorised entry to the IT systems of one of its suppliers of warrant cards and staff passes, which exposed the names, ranks and vetting levels of its officers and staff.
At time there was further discussion around suggestions that Russian hackers may be targeting British infrastructure.
The Police Service of Northern Ireland (PSNI), meanwhile, were left “incredibly vulnerable” by a massive data breach earlier that month.
The breach involved the surname, initials, rank or grade, work location and departments of all PSNI staff, but did not involve the officers’ and civilians’ private addresses.
The leak came as a result of information published in response to a Freedom of Information request, which was later taken down.
The PSNI’s Assistant Chief Constable Chris Todd told the Northern Ireland Affairs Committee last week that almost 4,000 officers and staff have come forward with concerns after that data leak.
Committee chair Simon Hoare said it could potentially cost the force £240m in security and legal costs.