UK police officers’ data stolen in cyberattack on ID supplier
The personal details of thousands of U.K. police officers have been stolen after a suspected ransomware attack on a third-party supplier.
Greater Manchester Police, one of the largest police departments in the U.K., confirmed last week that the supplier, since confirmed as Stockport based identity card maker Digital ID, holds “some information on those employed by GMP.”
“We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioner’s Office and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported,” Colin McFarlane, assistant chief constable of GMP, said in a statement. “This is being treated extremely seriously, with a nationally-led criminal investigation into the attack.”
When asked by TechCrunch, GMP spokesperson Abi Richardson declined to say what types of data were accessed, though the force has confirmed that financial data is not believed to be affected. The spokesperson also declined to say how many officers are affected, but BBC News reports that as many as 20,000 individuals had their information stolen.
Digital ID, the third-party supplier at the center of the cyberattack, also declined to answer TechCrunch’s questions. Digital ID, which claims to serve more than 22,000 customers across 100 countries, did not dispute that it was the target of a ransomware attack or that a number of its clients were affected by the incident.
TechCrunch understands that Digital ID prints cards for a small number of customers, including GMP, which requires these organizations to supply employees’ personal data.
Last month, London’s Metropolitan Police confirmed a data breach exposing the names, ranks, photos, vetting levels and pay numbers belonging to officers and staff. The breach was blamed on the IT system of one of their suppliers, which was not named.
“Last month, we identified an IT security incident that affected the company’s systems. We quickly engaged specialist external cyber and forensic consultants to conduct an investigation into the impact of this incident and the data that may be involved; this investigation remains ongoing,” Rima Sacre, an agency spokesperson representing Digital ID, told TechCrunch.
“As this incident has been reported to the authorities and our investigation is ongoing, it would be inappropriate for us to offer any further comment at this time.” The spokesperson declined to say whether the organization had received a ransom demand.
A spokesperson for the U.K. National Crime Agency did not respond to a request for comment.
Read more on TechCrunch: