Police Federation Data Breach – March 2019

Data of 119,000 Police Compromised In Cyber Attack

On 9th March 2019, the Police Federation of England and Wales (PFEW) came under attack from a ransomware strike. In a statement posted on the 21st March by PFEW on Twitter, the Federation admitted to the attack and detailed how they were ‘rapidly reacting to isolate the malware to stop it spreading to branches’. The Information Commissioner’s Office and National Cyber Security Centre were both informed within 2 days of PFEW discovering the attack.

Although the PFEW stated that the cyber attack was not ‘targeted specifically at PFEW and was more likely to have been part of a wider campaign’. The organisation was sure to add that it had no reason to believe that any data was extracted from its systems, however it has taken the precautions to notify 119,000 individuals registered with the federation that their information may have been compromised. This information was taken from the Surrey HQ and effected members of all ranks, from constables to chief inspectors across 43 forces and included names, email addresses, National Insurance numbers and ranks.

A second database, involving a booking system for the PFEW’s conference facilities in Leatherhead was also compromised with personal information of those staying between 1st September and 9th March 2019 being leaked, in addition to some financial details. A further breach was also reported on the PFEW claims case management system, meaning that any member of the Federation who had enlisted PFEW’s services in relation to an investigation or complaint may have had their information stolen by hackers.

If you’ve been affected by the PFEW’s ransomware attack, or your personal data has been breached in a similar fashion then you can get in touch with us today to find out how we can help you.