Greater Manchester Police officers’ data exposed in ransomware attack

The personal details of an unknown number of Greater Manchester Police (GMP) officers have been exposed after a third-party supplier was targeted in a cyberattack. The attacked firm, which makes ID cards, holds information on various UK organisations, including some staff employed by GMP. The incident is the latest in a slew of data breaches impacting UK police in the last few weeks.

GMP has reported the ransomware attack to the ICO

In a statement, ACC Colin McFarlane of GMP said: "We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP." At this stage, it's not believed this data includes financial information, he added.

"We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioners Office [ICO] and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported. This is being treated extremely seriously, with a nationally led criminal investigation into the attack."

An anonymous officer told the BBC that, while the names of many officers were publicly available, there is particular concern regarding the identities of undercover officers.

UK police suffer series of data breaches

The GMP data breach comes just a couple of weeks after the Metropolitan Police Service (MPS) said it was investigating a possible data breach following "unauthorised access" to the systems of one of its suppliers. In the same month, the Norfolk and Suffolk police constabularies disclosed the accidental exposure of personal data belonging to more than 1,000 individuals, including victims of crime. The agencies said they identified an issue relating to a very small percentage of responses to Freedom of Information (FOI) requests for crime statistics, issued between April 2021 and March 2022.

A few days prior, the Police Service of Northern Ireland (PSNI) admitted to suffering two separate data breaches. The first centered on the exposure of information on serving police officers and civilians in response to an FOI request from a member of the public relating to officer rank and staff grades. An error led to the sharing of a large Excel spreadsheet containing the surnames and initials of current employees alongside the location and department within which they work. The second involved the theft of documents including a spreadsheet containing the names of more than 200 serving police officers and staff from a “private vehicle” in the Newtownabbey area in Northern Ireland.