The Metropolitan Police has reported that one of its suppliers has been hit by a cyber attack, raising fears that some of its own data might be compromised.
It has published a statement on its website saying it has been made aware of unauthorised access to its supplier’s IT system and is working with the company to understand if there has been a breach of police data.
The company had access to names, ranks, photos, vetting levels and pay numbers of officers and staff, but did not hold information such as addresses, phone numbers or financial details.
The Met said it has taken security measures and reported the matter to the National Crime Agency and the Information Commissioner’s Office.
Staff representative's anger
The report prompted an angry response from the staff organisation the Metropolitan Police Federation.
Its vice chair, commented: "Metropolitan Police officers are - as we speak - out on the streets of London undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe.
"To have their personal details potentially leaked out into the public domain in this manner - for all to possibly see - will cause colleagues incredible concern and anger.
"We share that sense of fury... this is a staggering security breach that should never have happened."
He added: "Given the roles we ask our colleagues to undertake, significant safeguards and checks and balances should have been in place to protect this valuable personal information which, if in the wrong hands, could do incalculable damage.
“The men and women I represent are justifiably disgusted by this breach. We will be working with the force to mitigate the dangers and risks that this disclosure could have on our colleagues. And will be holding the Metropolitan Police to account for what has happened. “
The news has come two weeks after the Police Service of Northern Ireland acknowledged a major data breach in which information on officers and staff briefly become publicly available – although that occurred through error rather than a cyber attack.