More UK cops' names and photos exposed in supplier breach
All 47,000 Met Police officers and staff reportedly accessed in break-in
London's Metropolitan Police has said a third-party data breach exposed staff and officers' names, ranks, photos, vetting levels, and salary information.
In a statement posted on the cops' website, the force said miscreants broke into a supplier's IT system, and used that unauthorized access to steal personnel information. The supplier did not, however, store police addresses, phone numbers or financial account details so it appears that data remains secure.
"Security measures have been taken by the MPS as a result of this report," the statement said, adding that the UK National Crime Agency and Information Commissioner's Office have both been made aware of the breach.
The Met did not immediately respond to The Register's questions about the breach, including the identity of the supplier, how many individuals' details were exposed, who was responsible for the intrusion, and what security measures the agency undertook as a result of the compromised IT system.
According to The Sun, which first reported on the breach, all 47,000 staff members and police officers – including senior officials, undercover and counter-terrorism cops, and officers assigned to guard the royal family – were exposed.
"Anyone using these details to produce a warrant card or pass could gain access to a police station or secure area," former Met commander John O'Connor told the newspaper.
"There is also a huge concern that photographs of police on undercover units, surveillance or in sensitive areas like counter-terrorism could fall into the wrong hands," he added. "This data breach has put the safety of police at risk."
The Met data breach follows a handful of other leaks at UK cop shops over the past few weeks.
On August 16, a man was arrested in Northern Ireland after police posted a spreadsheet online that listed last names and initials of 10,000 serving officers in the Police Service of Northern Ireland (PSNI), plus civilian staff members.
According to the PSNI, the data had been mistakenly published in response to a Freedom of Information request, and the man was arrested on "suspicion of collection of information likely to be useful to terrorists."
That same week, England's Norfolk and Suffolk police also copped to a leak. This one, blamed on a "technical issue," resulted in raw data about crime reports being mistakenly included in Freedom of Information responses to crime statistic requests.
And just days before that security blunder, Cumbria police accidentally published the names, salaries, and allowances for all staff and officers online. ®