Greater Manchester Police confirms third-party supplier hit by ransomware attack.

The personal data of thousands of Greater Manchester Police officers has been put at risk of breach after one of the force’s third-party suppliers was hit by a ransomware attack.

The firm in Stockport, which makes ID cards, is understood to hold information on various UK organisations including some of the staff employed by Greater Manchester Police (GMP).

Greater Manchester Police data breach

Greater Manchester Police has confirmed it was aware of the ransomware attack.

This follows the data breaches that affected the Police Service of Northern Ireland and Norfolk and Suffolk Police last month.

Dominic Trott, Director of Strategy and Alliances at Orange Cyberdefense, Europe’s largest MSSP, said this latest cyberattack proves the need for businesses to ensure they prioritise the security of their supply chain and third-party partners.  

“This is another example of why organisations must ensure that supply chain risk management is a top priority. There have been a number of well-publicised incidents in recent years – attacks on smaller companies which have had a huge knock-on impact on multiple other organisations.

“Incidents such as the SolarWinds and Kaseya compromises revealed how vulnerable we are to attacks via the supply chain, as well as illustrating just how interdependent computer systems and the businesses that use them are with one-another.

“The message is clear – no matter how secure businesses’ systems are, they are always at risk via third-party suppliers. Senior leaders need to have a clear understanding of what security controls, personnel, and processes a third party has in place, which is typically handled through something as straightforward as a questionnaire. However, this is both a ‘point in time’ approach and difficult to measure. We expect a more standards-based approach, at least as agreed within an individual supply chain, to emerge as a more resilient method.”

Risk to public data growing

Cybersecurity expert and CIO of secure digital communications specialist at Zivver, Rick Goud added: “While the fall out and damage from this particular incident still remains unknown, what we do know is that there are many similarities between this attack and the Metropolitan Police last month. Malicious actors are embedding themselves within organisations and their understanding of our systems is developing. As threats like these become more common, it is clear that the risk to public data is only growing.

 “Organisations must take a look at the bigger picture and identify the root cause of these attacks. Taking a proactive approach rather than reaction-based should be the first step in protecting public data. Making systems secure-by-design across the entire network from email to the edge will reduce the risks of data falling through the cracks and ending up in the hands of these malicious actors.”

Their weakest link is also yours

Muhammad Yahya Patel, Lead Security Engineer at Check Point Software said: “Ransomware plagues organisations in all sectors, but it is most damaging in those industries that play a crucial role in society. Check Point Research revealed that in the UK, the average number of weekly attacks per organisation was 866 in the first half of 2023, and it shows no signs of slowing down.

“It is unsurprising yet disappointing that a supply chain attack was behind this incident. There is still an overall lack of awareness of how critical security is across the entire network infrastructure, and the role that everyone plays in preventing an attack. It is key that organisations stop the escalation in its tracks, prioritise the protection of sensitive data and thoroughly vet any organisation they partner with. After all, their weakest link is also yours.”

More UK Security News.