An investigation is underway after details of thousands of Greater Manchester Police officers and staff were hacked, the force has said.
Details on identity badges and warrant cards, including names, photos of individuals and identity numbers or police collar numbers, were stolen in a ransomware attack on the force’s supplier of ID badges.
Assistant Chief Constable Colin McFarlane of GMP said: “We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP.
“At this stage, it’s not believed this data includes financial information.”
He added: “We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioners Office and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported.
“This is being treated extremely seriously, with a nationally-led criminal investigation into the attack.”
GMP said no home addresses of officers or any financial information about individuals had been stolen in the hack.
The force, like many others, uses covert officers and has a sizeable counter-terror unit.
An internal GMP staff email issued on Wednesday, according to the Manchester Evening News, said there is no indication any GMP data has been put online or shared any further.
Last month the Metropolitan Police was also put on alert after a similar security breach involving one of its suppliers.
GMP said the National Crime Agency is leading on the investigation into the ransomware hack.
Mike Peake, chair of Greater Manchester Police Federation, said: “Our colleagues are undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe.
“To have any personal details potentially leaked out into the public domain in this manner – for all to possibly see – will understandably cause many officers concern and anxiety.
“We are working with the force to mitigate the dangers and risks that this breach could have on our colleagues.”
The National Crime Agency (NCA) confirmed they are investigating the hack of GMP along with the same attack on the Met Police.
A spokesman said: “The National Crime Agency is leading the criminal investigation into a cyber incident affecting a company which supplies ID card services to a number of UK organisations.
“We are working alongside the NCSC and law enforcement partners to fully understand the impact of the incident and support those organisations whose data has been accessed.”
Elizabeth Baxter, head of cyber investigations at the Information Commissioner’s Office (ICO), said: “Police officers and staff expect their information to be kept secure, and are right to be concerned when that doesn’t happen.
“This incident has been reported to us, and we’ll now be looking into what happened, and asking questions on behalf of anyone affected.
“Organisations must look after employee information, particularly in sectors where the impact of a data breach could be greater. The ICO works to support organisations to get this right so people can feel confident that their information is secure.”