News

Specialist print supplier at centre of Met data breach

News by
Business
As part of ‘Operation Fortress’ the Met replaced old-style warrant cards with a new, more secure version
As part of ‘Operation Fortress’ the Met replaced old-style warrant cards with a new, more secure version

A specialist print supplier to the Metropolitan Police is at the centre of a massive data breach apparently involving a cyber attack.

Over the weekend the force confirmed that it had been made aware of unauthorised access to the IT system of a Met supplier.

The unnamed supplier prints warrant cards and staff passes.

In a statement, the Met said: “We have been working with the company and understand that their security breach does include Metropolitan Police data.

“The company had access to names, ranks, photos, vetting levels and pay numbers for officers and staff. The company did not hold personal information such as addresses, phone numbers or financial details.”

All of the force’s 47,000 employees have been notified about the breach.

Staff association the Metropolitan Police Federation described the situation as “a staggering security breach that should never have happened".

Vice chair Rick Prior said: "Metropolitan Police officers are – as we speak – out on the streets of London undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe. 

"To have their personal details potentially leaked out into the public domain in this manner - for all to possibly see - will cause colleagues incredible concern and anger.

“The men and women I represent are justifiably disgusted by this breach. We will be working with the force to mitigate the dangers and risks that this disclosure could have on our colleagues. And will be holding the Metropolitan Police to account for what has happened.”

According to publicly-available information lodged with the government’s contract and tenders service, the work had not been awarded as a standalone contract to a named supplier.

However, as part of ‘Operation Fortress’ the Met has disclosed that it spent £467,587 last year replacing warrant cards with a new, more secure version.

The investment also included new lanyards and passes for police staff.

During the height of the pandemic restrictions there had been an increase in the use of forged warrant cards by members of the public posing as police officers to hand out on-the-spot fines.

The Met has reported the matter to the National Crime Agency and the Information Commissioner's Office (ICO).

An ICO spokesperson said: “People have the right to expect that organisations will have robust measures in place to protect the personal information they hold.

“We recognise the potential impact on police officers and staff affected by this breach and expect appropriate and swift action to be taken.

“The Metropolitan Police Service has made us aware of an incident and we will be making enquiries.”

Print bosses have previously been warned to be on their guard because cyber criminals have been specifically targeting firms that provide support services to high-profile institutions, such as banks.

Business Security Print buying