Greater Manchester Police ransomware attack another classic demo of supply chain challenges

The UK's Greater Manchester Police (GMP) has admitted that crooks person sewage their mitts connected immoderate of its information aft a third-party supplier responsible for ID badges was attacked.

According to nan Manchester Evening News nan stolen information included nan names and pictures of constabulary officers held by nan supplier for usage connected thousands of ID badges.

Assistant Chief Constable Colin McFarlane of Greater Manchester Police (GMP) said: "We are alert of a ransomware onslaught affecting a third-party supplier of various UK organizations, including GMP, which holds immoderate accusation connected those employed by GMP."

McFarlane added nan unit did not judge that financial accusation was included, which will beryllium of tremendous comfortableness for officers wondering what information could now beryllium successful nan hands of wrong-doers.

he added: "This is being treated highly seriously, pinch a nationally led criminal investigation into nan attack."

The breach was reported to nan Information Commissioner's Office (ICO), which told The Register: "Police officers and unit expect their accusation to beryllium kept secure, and are correct to beryllium concerned erstwhile that doesn't happen. This incident has been reported to us, and we'll now beryllium looking into what happened, and asking questions connected behalf of anyone affected."

The breach bears a chopped resemblance to past month's data leak astatine a supplier of London's Metropolitan Police, wherever nan specifications of each 47,000 unit members and constabulary officers were exposed.

At nan time, erstwhile Met commandant John O'Connor told The Sun newspaper: "Anyone utilizing these specifications to nutrient a warrant paper aliases walk could summation entree to a constabulary position aliases unafraid area."

Earlier this month, an onslaught connected a supplier of high-security fencing for subject bases resulted successful information exfiltration acknowledgment successful portion to nan usage of obsolete kit – a Windows 7 PC – near accessible to attackers.

Supply concatenation attacks are becoming progressively prevalent, and this latest incident is simply a reminder to organizations that their information posture tin often dangle connected that of their suppliers.

• Caesars says cyber-crooks stole customer information arsenic MGM casino outage drags on
• US-Canada h2o org confirms 'cybersecurity incident' aft ransomware unit threatens leak
• Here's why unreality credentials are nan hottest point connected criminal marketplaces
• Capita people action: 2,000 folks affected by information theft motion up

Caleb Mills, Professional Services head astatine Doherty Associates, said: "The onslaught exposing Greater Manchester Police Officers' individual specifications highlights nan value of holistically assessing an organization's cybersecurity posture – nary chromatic must beryllium near unturned. This is particularly existent because information controls, nary matter really robust, tin beryllium rendered ineffective if location are vulnerabilities wrong nan proviso chain. Your information is only arsenic beardown arsenic its weakest link."

Raj Samani, SVP and main intelligence astatine Rapid7, said: "The ransomware onslaught connected Greater Manchester Police is different footwear successful nan teeth for nationalist services. An statement is only arsenic unafraid arsenic its weakest third-party network, and information protocols are only effective if each of their third-party providers are arsenic secure."

He added: "Cybercriminals are alert of this and will effort to breach nan weakest nexus successful nan concatenation to summation entree to systems and bargain highly delicate data. The vulnerability of delicate accusation specified arsenic nan identities of undercover officers tin jeopardise criminal cases, and astatine worse, endanger officers' lives. Therefore, it is moreover much important that proviso chains are secured." ®