Greater Manchester Police ransomware attack another classic demo of supply chain challenges

Are you the weakest link?

The UK's Greater Manchester Police (GMP) has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked.

According to the Manchester Evening News the stolen data included the names and pictures of police officers held by the supplier for use on thousands of ID badges.

Assistant Chief Constable Colin McFarlane of Greater Manchester Police (GMP) said: "We are aware of a ransomware attack affecting a third-party supplier of various UK organizations, including GMP, which holds some information on those employed by GMP."

McFarlane added the force did not believe that financial information was included, which will be of tremendous comfort for officers wondering what data could now be in the hands of wrong-doers.

he added: "This is being treated extremely seriously, with a nationally led criminal investigation into the attack."

The breach was reported to the Information Commissioner's Office (ICO), which told The Register: "Police officers and staff expect their information to be kept secure, and are right to be concerned when that doesn't happen. This incident has been reported to us, and we'll now be looking into what happened, and asking questions on behalf of anyone affected."

The breach bears a distinct resemblance to last month's data leak at a supplier of London's Metropolitan Police, where the details of all 47,000 staff members and police officers were exposed.

At the time, former Met commander John O'Connor told The Sun newspaper: "Anyone using these details to produce a warrant card or pass could gain access to a police station or secure area."

Earlier this month, an attack on a supplier of high-security fencing for military bases resulted in data exfiltration thanks in part to the use of obsolete kit – a Windows 7 PC – left accessible to attackers.

Supply chain attacks are becoming increasingly prevalent, and this latest incident is a reminder to organizations that their security posture can often depend on that of their suppliers.

Caleb Mills, Professional Services director at Doherty Associates, said: "The attack exposing Greater Manchester Police Officers' personal details highlights the importance of holistically assessing an organization's cybersecurity posture – no stone must be left unturned. This is especially true because security controls, no matter how robust, can be rendered ineffective if there are vulnerabilities within the supply chain. Your security is only as strong as its weakest link."

Raj Samani, SVP and chief scientist at Rapid7, said: "The ransomware attack on Greater Manchester Police is another kick in the teeth for public services. An organization is only as secure as its weakest third-party network, and security protocols are only effective if all of their third-party providers are equally secure."

He added: "Cybercriminals are aware of this and will attempt to breach the weakest link in the chain to gain access to systems and steal highly sensitive data. The exposure of sensitive information such as the identities of undercover officers can jeopardise criminal cases, and at worse, endanger officers' lives. Therefore, it is even more important that supply chains are secured." ®

Send us news

With ransomware whales becoming so dominant, would-be challengers ask 'what's the point?'

Fewer rivals on the scene as big-gang success soars

Cybersec chiefs team up with insurers to say 'no' to ransomware bullies

Guidebook aims to undermine the criminal business model

Ransomware negotiator weighs in on the extortion payment debate with El Reg

As gang tactics get nastier while attacks hit all-time highs

LockBit dethroned as leading ransomware gang for first time post-takedown

Rivals ready to swoop in but drop in overall attacks illustrates LockBit’s influence

Aussie cops probe MediSecure's 'large-scale ransomware data breach'

Throw another healthcare biz on the barby, mate

Uncle Sam urges action after Black Basta ransomware infects Ascension

Emergency ambulances diverted while techies restore systems

British Library's candid ransomware comms driven by 'emotional intelligence'

It quickly realized ‘dry’ progress updates weren’t cutting it

Canada's London Drugs confirms ransomware attack after LockBit demands $25M

Pharmacy says it's 'unwilling and unable to pay ransom'

Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware

Spoiler alert: it's not really IT support controlling your device

Nissan infosec in the spotlight again after breach affecting more than 50K US employees

PLUS: Connected automakers put on notice; Cisco Talos develops macOS fuzzing technique; Last week's critical vulns

FBI takes down BreachForums ransomware website and Telegram channel

No more illicit gains, for a while at least

Encrypted mail service Proton hands suspect's personal info to local cops

Plus: Google patches another Chrome security hole, and more