Police among potential victims of huge data breach

Names and photographs of up to 20,000 officers could have been exposed following a data breach affecting UK police forces.

Stockport-based Digital ID is the UK’s largest ID card supplier – serving some 30,000 customers across the country, a list that reportedly includes the Metropolitan Police and Greater Manchester Police, as well as various universities and NHS Trusts.

It’s now thought to have been the victim of a ransomware attack that exposed the personal details of around 20,000 people. What’s more, with the investigation still ongoing it’s feared that the real number of impacted individuals could creep even higher still.

The ongoing investigation means details around this specific cyber attack are scant, though Digital ID has confirmed it was the target, adding that an IT security incident “affected the company’s systems”. A spokesperson added that external consultants were brought in to investigate what data may have been leaked, and whilst all this was ongoing the company couldn’t provide further comment.

Due to the secrecy around the ongoing investigation it has not been officially confirmed whether this hack is related to or separate from another that also impacted Digital ID in recent weeks. This original breach exposed the names, ranks, photos, vetting levels and pay numbers belonging to officers and staff at the Metropolitan Police when the IT system of a Digital ID supplier was hacked.

Reassuringly, this latest breach doesn’t appear to have disclosed as much personal data, with reports claiming that only names and photographs were made available.

That said, Toby Lewis of Darktrace (and a former incident manager at the National Cyber Security Centre) told The Guardian there was still real cause for concern.

He warned: “If you’ve got a pass that’s been made by Digital ID then there is absolutely is the chance that your personal details that were used to generate that pass [have] been caught up in this ransomware attack and could eventually be leaked online if the company chooses not to pay the ransom.”

One saving grace could be that many clients buy ID card printers directly from the company, meaning it doesn’t handle as much data as if it printed everything in house. However, the Metropolitan and Greater Manchester police forces are not thought to be among this group – instead providing Digital ID the information to print passes on their behalf.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Police among potential victims of huge data breach

Categories

Horsham Office: 01293 871971 | London Office: 0203 763 3919 | IT Support: 01293 876000