London’s Metropolitan Police force issued a statement on Sunday indicating that it had implemented security measures in response to an incident of “unauthorized access to the IT system of one of its vendors.” This event comes in the wake of recent data breaches experienced by other police forces. The vendor in question had been granted access to certain information including names, ranks, photographs, vetting levels, and pay identification numbers of officers and staff members. However, it should be noted that addresses, phone numbers, and financial details were not compromised.
The Sun on Sunday newspaper reported that “cyber criminals successfully infiltrated the IT infrastructure” of the aforementioned vendor, a company responsible for producing identity cards and staff passes for the Metropolitan Police, the largest police force in the UK.
Scotland Yard, the headquarters of the Metropolitan Police, stated that they are collaborating with the vendor to determine whether a breach in data security had occurred. Although a spokesperson was unable to specify the timeline of the breach or the extent of personnel affected, they emphasized that precautionary security measures have been taken based on the reported incident.
The Metropolitan Police Federation, an organization representing officers at various ranks, expressed deep concern and anger among its members regarding the breach. Vice chair Rick Prior characterized the situation as an alarming security lapse that should have been prevented.
This incident comes shortly after the Police Service of Northern Ireland (PSNI) acknowledged that personal data of all active members had been mistakenly disclosed in response to a Freedom of Information (FOI) request. The exposed data included last names, first initials, ranks or grades, work locations, and unit assignments of approximately 10,000 PSNI officers and staff. This revelation occurred amidst heightened security concerns in the UK, particularly due to a “severe” terrorism threat level following an assassination attempt on a senior police officer by dissident republicans.
Further compounding these issues, Norfolk and Suffolk Police revealed that personal data of over 1,000 individuals, including crime victims, was inadvertently included in another FOI response.
Recently, South Yorkshire Police initiated a self-referral to the Information Commissioner’s Office after discovering an unexpected and substantial reduction in the data stored within its systems.