Netwrix comments: Greater Manchester Police confirm it has been a victim of Cyber Attack
September 2023 by Ilia Sotnikov, Security Strategist at Netwrix
This afternoon Greater Manchester Police confirmed that some of its police officer’s personal details have been hacked, after a third-party supplier was targeted in a cyber-attack. The hack means thousands of police officers’ names are at risk of being put in the public domain.
Ilia Sotnikov, Security Strategist at Netwrix, has made the following comments on the incident:
“From the little information we currently have, it is most likely that this security incident was not a targeted attack on the Greater Manchester Police. It does look, however more like an opportunistic ransomware attack on one of the GMP’s suppliers – a producer of police warrant cards.
“On the one hand, this means we should not expect any immediate impact on the police officers and staff. On the other hand, we are talking about financially motivated cybercriminals that will be happy to sell the stolen information to anyone who agrees to buy it. Security researchers and law enforcement typically monitor darknet forums and warn the potential victims when their data shows up for sale. In other words, the risk for those whose data was exposed is delayed, not mitigated.
“Those involved in the incident are calling for reviews of the measures that international law enforcement is currently taking to disrupt ransomware operations. We don’t know which ransomware organisation was behind this particular attack, but the National Crime Agency has participated in coordinated takedown before. HIVE was probably the most notable of recent examples. This incident also makes it painfully obvious that high risk organisations and government agencies have to pay utmost attention to third party risk management, and review and certify security practices of the suppliers that handle their sensitive data. This does incur expenses and requires effort, but we see the cost of the risks associated with this scenario.”