London’s Metropolitan Police Service (MPS) is grappling with a significant data breach that could have exposed sensitive information of its entire 47,000 personnel. The breach is believed to have occurred due to unauthorized access to the IT system of a supplier to the MPS.
The compromised data includes officers’ names, ranks, photographs, vetting levels, and pay numbers. However, the MPS clarified that “the company did not hold personal information such as addresses, phone numbers or financial details.”
“Metropolitan Police officers are — as we speak — out on the streets of London undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe,” Rick Prior, vice chair of the Metropolitan Police Federation (MPF) said. “To have their personal details potentially leaked out into the public domain in this manner — for all to possibly see — will cause colleagues incredible concern and anger.”
This incident is the latest in a series of data breaches affecting U.K. police forces. Earlier this month, the Police Service of Northern Ireland (PSNI) inadvertently exposed the personal details of all its 9,276 serving officers and staff due to an error while responding to a freedom of information request. The PSNI has since been working to mitigate the risks posed by this breach.
Furthermore, the constabularies of Norfolk and Suffolk recently revealed that they had accidentally disclosed personal data of over 1,000 individuals in response to freedom of information requests.
Dal Babu, a former MPS Chief Superintendent, highlighted the potential risks for ethnic minority officers, stating that unique names could make it easier for criminal networks to locate and target these officers.
The MPS continues to investigate the breach, working closely with the affected supplier. The exact scale of the breach, its implications, and potential countermeasures are yet to be fully determined.