A recent data breach has impacted the UK’s Greater Manchester Police (GMP), exposing the personal details of thousands of officers and staff. The breach occurred in a ransomware attack targeting a third-party vendor responsible for producing identity cards used by GMP. Although the vendor’s name has not been released, the compromised data includes names, photos, identity numbers, and police collar numbers used to create identity badges and warrant cards.
Over eight thousand GMP officers are potentially affected by the breach. Assistant Chief Constable Colin McFarlane stated that the compromised data does not include financial information. The UK’s National Crime Agency is leading the national-level investigation into the breach, while the Greater Manchester Police Federation is working to minimize the officers’ exposure.
This incident is the latest in a series of data breaches affecting UK police officers. In July, the Police Service of Northern Ireland (PSNI) announced that the personally identifiable information, ranks, and locations of 10,000 police officers had been exposed due to an employee error. In August, the Metropolitan Police reported a third-party breach that resulted in the exposure of personal data for 47,000 police officers and staff. Several other major UK organizations, including the Royal Mail and the Barts Health NHS, have also fallen victim to ransomware attacks this year.
Rafe Pilling, a director for threat research at Secureworks, emphasized that this issue is not exclusive to the public sector or its supply chain. Criminal gangs, many of which have Russian links, are responsible for the majority of these attacks. Javvad Malik, Lead Security Awareness Advocate at KnowBe4, commented on the incident, stating that it highlights the ongoing cybersecurity challenges faced by law enforcement agencies. Malik recommended conducting rigorous security assessments of third-party suppliers and implementing robust monitoring and detection mechanisms to mitigate the risk of data breaches.
In addition to the GMP breach, international casino giant Caesars also suffered a cyberattack that exposed customer data from its loyalty program database. The compromised data includes customer drivers license details and Social Security numbers, although there is no evidence that account numbers or financial information were accessed. While Caesars did not explicitly mention a ransomware attack, a filing with the US Securities and Exchange Commission suggests that a ransom negotiation may have taken place. The company has taken steps to ensure that the stolen data is deleted and states that it has not seen any evidence of further sharing or misuse.
The breach was a result of a social engineering attack targeting a third-party support vendor. Caesars has implemented measures to ensure that the vendor implements adequate security measures to prevent future incidents. Recently, MGM Resorts, another hospitality company, reported a “cybersecurity issue” that affected its website, casinos, email, restaurant reservations, and hotel bookings. The ALPHV ransomware group has claimed responsibility for the attack.
In the US state of Minnesota, St. Paul Public Schools is notifying families that a cyber incident in February exposed over 40,000 student names and email addresses. The breach affected all students enrolled in the district during the last academic year, as well as some students from private and charter schools. State and federal law enforcement agencies are assisting with the investigation, and a suspect has been reasonably identified. Several other Minnesota learning institutions, including Minneapolis Public Schools and the University of Minnesota, have also experienced data breaches in the past year.
While the St. Paul breach is considered relatively minor compared to others, experts are urging affected families to remain vigilant. Scammers could potentially use the exposed email addresses to conduct phishing attacks. Ian Coldwater, a cybersecurity expert and parent of a Minneapolis Public Schools student, advised affected families to monitor their accounts closely for any suspicious activity.
These incidents serve as reminders for organizations, both public and private, to regularly review and enhance their cybersecurity practices. Robust security assessments of third-party suppliers, employee cybersecurity training, vulnerability assessments, and incident response drills are essential measures to mitigate the risk of data breaches and maintain public trust.