web analytics

Met Police Officers at Risk After Serious Data Breach – Source: www.govinfosecurity.com

met-police-officers-at-risk-after-serious-data-breach-–-source:-wwwgovinfosecurity.com
Rate this post

Source: www.govinfosecurity.com – Author: 1

Breach Notification
,
Cybercrime
,
Endpoint Security

Scotland Yard Probes Impact of Suspected Hack Attack Against Service Provider

Mathew J. Schwartz (euroinfosec) •
August 28, 2023    

Met Police Officers at Risk After Serious Data Breach
Scotland Yard, the headquarters of London’s Metropolitan Police Service (Image: Met Police)

London’s Metropolitan Police Service is investigating a serious data breach that may have exposed names, ranks and photographs for potentially all 47,000 personnel.

See Also: Live Webinar | Unmasking Pegasus: Understand the Threat & Strengthen Your Digital Defense

The force told staff it’s still probing the “unauthorized access to the IT system of a Met supplier” and that it’s not yet clear when or how it occurred, or how many individuals might be affected.

“We are working with the company to understand if there has been any security breach relating to Metropolitan Police data,” the Met said in a statement. “The company had access to names, ranks, photos, vetting levels and pay numbers for officers and staff. The company did not hold personal information such as addresses, phone numbers or financial details.”

The Met Police is responsible for policing greater London – with the exception of the City of London financial district – which has 8.6 million residents. One concern with the breach is that undercover officers’ identities may have been exposed.

The Met has referred the incident to both the U.K. National Crime Agency and the Information Commissioner’s Office, which enforces the country’s data protection rules. An NCA spokesperson told the BBC the agency was “aware of the cyber incident” and “working with law enforcement partners to understand the impact.”

The breached contractor is responsible for supplying the official warrant cards that officers use to identify themselves, as well as staff passes, the Sun reported. The contractor has not been identified.

The Metropolitan Police Federation, which represents the more than 30,000 officers in the force, labeled the incident “a staggering security breach that should never have happened.”

“Metropolitan Police officers are – as we speak – out on the streets of London undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe,” said Rick Prior, vice chair of the MPF, in a statement. “To have their personal details potentially leaked out into the public domain in this manner – for all to possibly see – will cause colleagues incredible concern and anger.”

String of UK Police Breaches

The Met Police security incident follows a string of other data breach alerts from U.K. police forces. Earlier this month, the Police Service of Northern Ireland warned that due to “human error” when fielding a freedom of information request, the force had inadvertently exposed personal details for all 9,276 serving police officers and staff.

The breach exposed first initials and surnames, roles and locations for each individual. The PSNI said it has identified personnel for whom their personal – or family’s – security is at heightened risk as a result, and has been advising them on how to best mitigate that risk.

Extremists remain a serious threat, and the PSNI warned that it believed they had obtained copies of the data. In March, the U.K. government raised the terrorist threat level in Northern Ireland in March to “severe” following the attempted assassination of an off-duty police officer in Omagh, County Tyrone.

Since the data breach, PSNI detectives have made two arrests under the Terrorism Act in connection with individuals who may have obtained the information.

Days after that breach occurred, the PSNI disclosed that in July, it suffered another breach after a laptop and notebook fell from an officer’s moving vehicle on the M2 motorway in north Belfast. While “the laptop was immediately deactivated and has since been recovered,” the force said parts of the notebook remain missing, including pages containing personnel information for “42 officers and staff,” who have been directly notified.

Also this month, the constabularies of Norfolk and Suffolk in England warned that they too had accidentally exposed information when responding to multiple freedom of information requests. The exposed information on 1,230 individuals pertains to crime reports.

“The data includes personal identifiable information on victims, witnesses and suspects, as well as descriptions of offenses,” the constabularies said. “It related to a range of offenses, including domestic incidents, sexual offenses, assaults, thefts and hate crime.”

Last week, yet another police force breach came to light. On Wednesday, England’s South Yorkshire Police reported that it had referred itself to the ICO “after the force noticed a significant and unexplained reduction in data stored on its systems.” The force said digital forensic experts are attempting to recover nearly two years of police body cam footage
– recorded from July 2020 through May – of officers attending an incident or engaging with members of the public.

“Approximately 69 cases have been identified as potentially affected by the loss of data and we are working closely with the victims and the Crown Prosecution Service,” the force said.

“There may be implications for victims and witnesses and the wider criminal justice system as some of this footage may be evidence in upcoming court cases” of both a criminal and civil nature, said South Yorkshire Police and Crime Commissioner Alan Billings in a statement. “The force is working through the implications and direct contact is being made with those affected.”

Original Post URL: https://www.govinfosecurity.com/met-police-officers-at-risk-after-serious-data-breach-a-22947

Category & Tags: –

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
OCCUPYTHEWEB
Linux Basics for Hackers by Occupytheweb
Linux Basics for Hackers by...
US Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools & Activities by American Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools...
Think Big Blog
Top 10 TED Talks to Learn about Cyber Security
Top 10 TED Talks to...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
CISO2CISO Notepad Series
The sqreen DevSecOps Security Checklist
The sqreen DevSecOps Security Checklist
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...
Forrester - Allie Mellen
Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR – EDR Is Dead, Long Live XDR by Allie Mellen – Forrester
Adapt Or Die: XDR Is...
CYBER LEADERSHIP INTITUTE
CISO PLAYBOOK: FIRST 100 DAYS Setting the CISO up for success
CISO PLAYBOOK: FIRST 100 DAYS...

LASTEST PUBLISHED POSTS

National Security Agency
CSI Cloud Top10 Key Management
CSI Cloud Top10 Key Management
CSA Cloud Security Alliance
Defining the Zero TrustProtect Surface
Defining the Zero TrustProtect Surface
HANIM EKEN
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CNIL
PRACTICE GUIDE GDPR – SECURITY OF PERSONAL DATA Version 2024
PRACTICE GUIDE GDPR – SECURITY...
PWNED LABS
Cloud Security Engineer Roadmap
Cloud Security Engineer Roadmap
tutorialspoint.com
Cloud Computing Tutorial Simply Easy Learning
Cloud Computing Tutorial Simply Easy...
SMITHA SRIHARSHA
CISSP Preparation Notes
CISSP Preparation Notes
CISSP Mind Map: All Domains
CISSP Mind Map: All Domains
Lansweeper
CIS 18 CRITICAL SECURITY CONTROLS CHECKLIST
CIS 18 CRITICAL SECURITY CONTROLS...
Semaphore
CI-CD with Docker and Kubernetes
CI-CD with Docker and Kubernetes
EC-MSP
BUSINESS CONTINUITY PLAN & DISASTER RECOVERY PLAN TEMPLATE
BUSINESS CONTINUITY PLAN & DISASTER...
PWC
Building a risk-resilient organisation
Building a risk-resilient organisation

More Latest Published Posts

40 under 40
40 under 40 in CyberSecurity 2024
40 under 40 in CyberSecurity 2024
HADESS
40 Days in DeepDark Web About Crypto Scam
40 Days in DeepDark Web About Crypto Scam
Everbridge
8 Principles of Supply Chain Risk Management
8 Principles of Supply Chain Risk Management
CHAOSSEARCH
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
ENDGAME
The Hunters Handbook Endgame’s Guide to Adversary Hunting
The Hunters Handbook Endgame’s Guide to Adversary Hunting
THE EU’S MOST THREATENING by EUROPOL
THE EU’S MOST THREATENING by EUROPOL
National Cyber Security Centre
Responding to a cyber incident – a guide for CEOs
Responding to a cyber incident – a guide for CEOs
IGNITE Technologies
CREDENTIAL DUMPING
CREDENTIAL DUMPING
HADESS
Pwning the Domain Lateral Movement
Pwning the Domain Lateral Movement
Jorgen Lanesskog
PING Basic IP Network Troubleshooting
PING Basic IP Network Troubleshooting
TELESOFT
Layer 7 Visibility What are the Benefits?
Layer 7 Visibility What are the Benefits?
TIGERA
Introduction to Kubernetes Networking and Security
Introduction to Kubernetes Networking and Security
Department of Defense's (DoD)
Defense Industrial Base Cybersecurity Strategy 2024
Defense Industrial Base Cybersecurity Strategy 2024
Dummies
Zero Trust Access for Dummies Fortinet
Zero Trust Access for Dummies Fortinet
Homeland Security
Zero Trust Implementation Strategy
Zero Trust Implementation Strategy
National Australia Bank Limited
Your Business and Cyber Security
Your Business and Cyber Security
CYFIRMA
Xeno RAT- A New Remote Access Trojan
Xeno RAT- A New Remote Access Trojan
IGNITE Technologies
Windows Persistence COM Hijacking MITRE T1546 015
Windows Persistence COM Hijacking MITRE T1546 015
IGNITE Technologies
Windows Exploitation Rundll32
Windows Exploitation Rundll32
IGNITE Technologies
Windows Exploitation Msbuild
Windows Exploitation Msbuild
HADESS
Web LLM Attacks
Web LLM Attacks
HADESS
Trended Protocols for Security Stuff
Trended Protocols for Security Stuff
Red Iberoamericana de Protección de Datos
Transferencia Internacional de Datos Personales – Guia de Implementación
Transferencia Internacional de Datos Personales – Guia de Implementación
CYFIRMA
TRACKING RANSOMWARE January 2024
TRACKING RANSOMWARE January 2024
https://www.linkedin.com/in/harunseker/
TOP Cyber Attacks Detected by SIEM Solutions
TOP Cyber Attacks Detected by SIEM Solutions
TRAVARSA
Top 100 Cyber Threats and Solutions 2024
Top 100 Cyber Threats and Solutions 2024
Top 50 Cybersecurity Threats
Top 50 Cybersecurity Threats
OWASP
Top 10 Considerations for Incident Response
Top 10 Considerations for Incident Response