Hackers have compromised the personal data of up to 120 000 police officers working in England and Wales, and are believed to be demanding a ransom of cryptocurrencies for the data’s safe return, UK news outlet The Sun reports.
Data affected by the breach include officers’ names and ranks, emails, national insurance numbers, banking details and confidential information regarding complaints against officers.
The data was reportedly accessed via a malware/ransomware hack executed against the UK’s Police Federation’s computer system.
Credit card details of individuals who have used the Police Federation’s conference and hotel facilities were also compromised in the attack.
Ransomware attacks are typically initiated via phishing campaigns where an unsuspecting employee is enticed to click on an infected link in an email.
The link then uploads malicious malware onto the employee’s network, and eventually, that malware locates and encrypts pools of data.
People attempting to access that data then receive a notice demanding a ransom payment to release the data.
Numerous public institutions and private businesses across the world have been targeted in ransomware attacks.
20% of American law firms have reported being targeted in malware/ransomware campaigns.
As recent ransomware attack on the Boston public defenders’ office has caused weeks-long trial delays, including a delay in the trying a case of alleged sexual assault against a child.
According to The Sun, the attack against the UK’s Police Federation, “is thought to be part of a larger campaign to extort cryptocurrency from victims by threatening further damage.”
The Federation has said it cannot be sure that data was not stolen in the hack:
“There is no evidence at this stage that any data was extracted from the organisation’s systems, although this cannot be discounted and we are taking precautions to notify individuals who may potentially be affected.”
The Dark Net hosts numerous illicit markets, including many where stolen data can be bought.
Because stolen data can be easily replicated, it can also be sold repeatedly.
In 2017, a cybersecurity researcher who has worked with the military told an audience in Toronto that hostile states often steal citizens’ data and may sit on it for years before exploiting it.
Police Federation National Chairperson John Apter apologized for the breach:
“We are deeply sorry. The Police Federation takes data security very seriously.”
The attack is also being investigated by the National Cyber Security Centre and the Information Commissioner’s Office.