Met IT breach could do ‘incalculable damage,’ police federation says

A Metropolitan Police IT system breach could do “incalculable damage” in the wrong hands, the Metropolitan Police Federation has said.

Scotland Yard said it had been made aware of “unauthorised access to the IT system of one of its suppliers”.

The force is now working with the company to understand if there has been any security breach relating to its data.

A spokesperson for the Metropolitan Police Federation said any potential leak “will cause colleagues incredible concern and anger”.

The company in question had access to names, ranks, photos, vetting levels and pay numbers for officers and staff, but did not hold personal information such as addresses, phone numbers or financial details, the force said.

A spokesman for the force was unable to say when the breach occurred or how many personnel might be affected.

Rick Prior, Vice Chair of the Metropolitan Police Federation said: “Metropolitan Police officers are – as we speak – out on the streets of London undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe.

“To have their personal details potentially leaked out into the public domain in this manner – for all to possibly see – will cause colleagues incredible concern and anger.

“We share that sense of fury… this is a staggering security breach that should never have happened.”

He added: “Given the roles we ask our colleagues to undertake, significant safeguards and checks and balances should have been in place to protect this valuable personal information which, if in the wrong hands, could do incalculable damage.

“The men and women I represent are justifiably disgusted by this breach. We will be working with the force to mitigate the dangers and risks that this disclosure could have on our colleagues. And will be holding the Metropolitan Police to account for what has happened.

“Our brave Police Officers – who give up so much to do this job – deserve so much better.”

The Met has taken “security measures” as a result.

The matter has been reported to the National Crime Agency – and the Information Commissioner’s Office (ICO) is also aware, the Met said.

It follows an admission by the Police Service of Northern Ireland (PSNI) that personal data on all its serving members was mistakenly published in response to a Freedom of Information (FOI) request.

Details of around 10,000 PSNI officers and staff included the surname and first initial of every employee, their rank or grade, where they are based and the unit they work in.

After the PSNI breach was revealed, Norfolk and Suffolk Police announced the personal data of more than 1,000 people – including crime victims – was included in another FOI response.

On Wednesday, South Yorkshire Police referred itself to the ICO after noticing “a significant and unexplained reduction in data stored on its systems”.

The force said it is now urgently working with experts to recover footage filmed by officers as they attended incidents or engaged with the public and which, in some cases, could be used as evidence in court.

A spokesperson for the National Crime Agency said: “We are aware of the cyber incident and we are working with law enforcement partners to understand the impact.”