The Metropolitan Police Service (MPS) is investigating a possible data breach following “unauthorised access” to the systems of one of its suppliers. The company had access to names, ranks, photos, vetting levels, and pay numbers for officers and staff, the force said in a statement. The MPS, which is responsible for law enforcement in the greater London area, has taken security measures as a result, with the matter reported to the National Crime Agency (NCA) and the Information Commissioner’s Office (ICO).
The disclosure came just a few weeks after the Police Service of Northern Ireland (PSNI) admitted to suffering two separate data breaches. The first centred on the exposure of information on serving police officers and civilians in response to an FOI request from a member of the public relating to officer rank and staff grades. An error led to the sharing of a large Excel spreadsheet containing the surnames and initials of current employees alongside the location and department within which they work. The second involved the theft of documents including a spreadsheet containing the names of more than 200 serving police officers and staff from a “private vehicle” in the Newtownabbey area in Northern Ireland.
In the same month, the UK’s Norfolk and Suffolk police constabularies disclosed the accidental exposure of personal data belonging to more than 1,000 individuals, including victims of crime. The agencies said they identified an issue relating to a very small percentage of responses to Freedom of Information (FOI) requests for crime statistics, issued between April 2021 and March 2022.
Compromised information could do incalculable damage
Any information compromised in the latest Metropolitan Police data breach could, in the wrong hands, do incalculable damage, Rick Prior, vice chair of the Metropolitan Police Federation, told the BBC. “Metropolitan Police officers are – as we speak – out on the streets of London undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe,” he said.
To have their personal details potentially leaked out into the public domain in this manner, for all to possibly see, will cause colleagues incredible concern and anger, Prior added. “We will be working with the force to mitigate the dangers and risks that this disclosure could have on our colleagues, and [we] will be holding the Metropolitan Police to account for what has happened.”
The breach could be more of a concern for ethnic minority officers, former MPS Chief Superintendent f Dal Babu, told BBC News. “If you’re from a minority background and your name has been obtained by a criminal network, they’re more likely to be able to find you because those names are unusual and it’s easier to find on the internet where you are, what you’re doing.”