Manchester Police officers' data exposed in ransomware attack

United Kingdom's Greater Manchester Police (GMP) said earlier today that some of its employees' personal information was impacted by a ransomware attack that hit a third-party supplier.

The impacted organization, not named in a statement published today, is a service supplier for GMP and other organizations across the UK.

GMP does not believe the data on the hacked systems contains financial information belonging to the police department's employees.

"We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP," Assistant Chief Constable Colin McFarlane said.

"At this stage, it's not believed this data includes financial information."

However, McFarlane didn't provide details on what other types of information might have been compromised in the breach.

"We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioners Office and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported," McFarlane said.

He also emphasized that the police department treats the ransomware attack and the resulting data breach with the utmost priority as part of a national-level criminal investigation.

Similar breaches across the UK

The attack on GMP comes roughly a month after the Police Service of Northern Ireland (PSNI) announced another third-party breach, exposing the personally identifiable information (PII), ranks, and location of 10,000 police officers.

Parts of the stolen data were posted online, exposing the identities of undercover officers and endangering the health and safety of staff due to their crime-fighting role.

In late August, the Metropolitan Police (Met) published a similar announcement about hackers gaining access to the IT system of one of its suppliers, resulting in the exposure of names, ranks, photos, vetting levels, and pay numbers for 47,000 police officers and staff.

It wasn't until early September 2023 when The Sun named the third party affected in the incident, claiming it was the Stockport-based ID card and access pass maker 'Digital ID.'

The company later confirmed that it had been affected by an IT security incident via a statement in the press but has yet to share any further details.

Although not confirmed, there's a strong possibility that the GMP breach is related to the Digital ID incident.

Given the firm's extensive business reach, other UK police departments might soon announce similar data breaches.