Greater Manchester Police victim of hack with thousands of warrant card details stolen

  • ITV Granada Reports journalist Rachel Pritchard has the latest on the data hack

Thousands of warrant card details held by Greater Manchester Police officers have been stolen after systems were hacked.

Details on identity badges and warrant cards, including names, photos of individuals and identity numbers or police collar numbers, were stolen in a ransomware attack on the force’s supplier of ID badges.

The hackers, it is believed, aimed their attack at a company the force contracted to produce its warrant cards.

Police officers and staff were told about the hack on Wednesday 13 September, as the National Crime Agency (NCA) confirmed it was part the same incident which affected the Met Police in August.

  • Mike Peake, Chair of Greater Manchester Police Federation spoke to Granada Reports about the hack

Mike Peake, Chair of Greater Manchester Police Federation, said: "Our colleagues are undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe. 

"To have any personal details potentially leaked out into the public domain in this manner - for all to possibly see - will understandably cause many officers concern and anxiety.

“We are working with the force to mitigate the dangers and risks that this breach could have on our colleagues.”

NCA spokesperson: “The National Crime Agency is leading the criminal investigation into a cyber incident affecting a company which supplies ID card services to a number of UK organisations.

“We are working alongside the NCSC and law enforcement partners to fully understand the impact of the incident and support those organisations whose data has been accessed.”

  • Simon Chapman, a Cyber Security Expert from Secarma explained how cyberattacks can come about

The company at the centre of the breach, Digital ID, based in Stockport, said it engaged cyber consultants as soon as it identified there had been an incident.

It said: “Last month, we identified an IT security incident that affected the company’s systems.

"We quickly engaged specialist external cyber and forensic consultants to conduct an investigation into the impact of this incident and the data that may be involved; this investigation remains ongoing.”

It is not believed financial information was taken, GMP said.

ACC Colin McFarlane of Greater Manchester Police (GMP) said: “We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP.

"At this stage, it’s not believed this data includes financial information.

"We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioners Office and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported.

"This is being treated extremely seriously, with a nationally led criminal investigation into the attack."

Elizabeth Baxter, head of cyber investigations at the Information Commissioner’s Office (ICO), said: “Police officers and staff expect their information to be kept secure, and are right to be concerned when that doesn’t happen.

“This incident has been reported to us, and we’ll now be looking into what happened, and asking questions on behalf of anyone affected.

“Organisations must look after employee information, particularly in sectors where the impact of a data breach could be greater. The ICO works to support organisations to get this right so people can feel confident that their information is secure.”

Want more on the issues affecting the North? Our podcast, From the North answers the questions that matter to our region.