Greater Manchester Police confirms third-party supplier hit by ransomware attack.

The personal data of thousands of Greater Manchester Police officers has been put at risk of breach after one of the force’s third-party suppliers was hit by a ransomware attack.

The firm in Stockport, which makes ID cards, is understood to hold information on various UK organisations including some of the staff employed by Greater Manchester Police (GMP).

Greater Manchester Police data breach

Greater Manchester Police has confirmed it was aware of the ransomware attack.

This follows the data breaches that affected the Police Service of Northern Ireland and Norfolk and Suffolk Police last month.

Dominic Trott, Director of Strategy and Alliances at Orange Cyberdefense, Europe’s largest MSSP, said this latest cyberattack proves the need for businesses to ensure they prioritise the security of their supply chain and third-party partners.  

“This is another example of why organisations must ensure that supply chain risk management is a top priority. There have been a number of well-publicised incidents in recent years – attacks on smaller companies which have had a huge knock-on impact on multiple other organisations.

“Incidents such as the SolarWinds and Kaseya compromises revealed how vulnerable we are to attacks via the supply chain, as well as illustrating just how interdependent computer systems and the businesses that use them are with one-another.

“The message is clear – no matter how secure businesses’ systems are, they are always at risk via third-party suppliers. Senior leaders need to have a clear understanding of what security controls, personnel, and processes a third party has in place, which is typically handled through something as straightforward as a questionnaire. However, this is both a ‘point in time’ approach and difficult to measure. We expect a more standards-based approach, at least as agreed within an individual supply chain, to emerge as a more resilient method.”

More UK Security News.