- All 47,000 personnel in the force were warned of the risk in a message
Thousands of Met Police officers’ details are at risk following a major security breach which saw cyber criminals hack into the force’s warrant card supplier – in a move that has been branded ‘utterly outrageous’ by a former top cop.
All 47,000 personnel in the force were warned last night of the risk that their photos, names and ranks could have been stolen when criminals hacked the IT systems of a contractor that prints staff passes.
ID numbers and vetting levels could also have been exposed in the breach employees were told. Officers’ personal details – like their home addresses – have not been leaked, though.
However, the National Crime Agency has since been called in amid fears terrorists and organised gangs could try and use the stolen data, it has been reported.
Ex-Met commander John O’Connor slammed the latest breach as ‘utterly outrageous’, fiercely questioning ‘why IT security of this company was so slapdash’.
He told the Sun on Sunday: ‘Anyone using these details to produce a warrant card or pass could gain access to a police station or secure area.
‘There is also a huge concern that photographs of police working on undercover units, surveillance or in sensitive areas like counter-terrorism could fall into the wrong hands.
‘This data breach has put safety of police at risk and questions need to be asked about why IT security of this company was so slapdash.’
Met Police Service bosses reportedly sent a message to cops urging them to ‘remain vigilant’.
Personal information such as addresses, phone numbers and financial details of staff, however, were not held by the company and so are not at risk.
The message added that the force was ‘working to understand the scale of the breach’ and how much information they held about staff and officers.
It remains unclear whether the hackers were trying to target officers and staff or whether they wanted a ransom from the printing company.
The Met said it was aware of the ‘IT system of a Met supplier’ and was working with the company to discover if there had been ‘any security breach’ relating to the force’s data.
It comes after details of 10,000 police personnel in Northern Ireland were mistakenly disclosed.
The PSNI revealed earlier this month that a document had mistakenly been shared online, including the names of around 10,000 officers and staff.
More than 660 officers who work in intelligence, counter-terrorism and surveillance, as well as those working in MI5 were also put at risk.
Around 3,000 officers have since expressed concern for their safety in Northern Ireland, where police are under threat from terrorists – with the current level of threat assessed as severe, meaning an attack is highly likely.
After the PSNI breach was revealed, Norfolk and Suffolk Police announced the personal data of more than 1,000 people – including crime victims – was included in another FOI response.
And on Wednesday, South Yorkshire Police referred itself to the ICO after noticing ‘a significant and unexplained reduction in data stored on its systems’.
The force said it is now urgently working with experts to recover footage filmed by officers as they attended incidents or engaged with the public and which, in some cases, could be used as evidence in court.
A spokesperson for the Met Police said tonight: ‘We have been made aware of unauthorised access to the IT system of a Met supplier.
‘We are working with the company to understand if there has been any security breach relating to Metropolitan Police data.
‘The company had access to names, ranks, photos, vetting levels and pay numbers for officers and staff. The company did not hold personal information such as addresses, phone numbers or financial details.
‘Security measures have been taken by the MPS as a result of this report.
‘The MPS has reported the matter to the National Crime Agency. The Information Commissioner’s Office is also aware.’