The Police Federation has announced a ransomware attack on its headquarters earlier this month. Under GDPR requirements, the breach was reported to the ICO within the required 72 hours and those affected have been informed. The organisation consists of 43 branches and acts like a union to represent 119,000 officers across all police forces in England and Wales.
Why a police union?
At this stage, there’s no evidence to suggest this was a targeted attack, but there is a history of targeting police unions. In January of this year, Anonymous attacked the Italian Trade Union of State Police officers. Likewise, in 2016 the Fraternal Order of Police (FOP) - the largest police union in America - was hacked and 2.5GB of data was posted online, including officers’ names and home addresses. Any breach of personal information is bad news, but breaches of police officers’ information bring additional problems.
What are the risks?
Doxing is when identifiable information is made available to the public, generally to encourage vigilantism or public shaming - and it’s a big issue for police officers. During the 2014 unrest in Ferguson, Missouri, Anonymous not only attacked City Hall but also released the name, address, phone number and social security details of the police chief because he would not release details of the officer who killed the teenager Michael Brown. Researchers found that the majority of doxes were motivated by a desire for justice (51%), with revenge being the second biggest driver (39%).
The ransomware is contained
A criminal investigation has been launched and the Police Federation has stressed that the malware has not spread to any other branch. While some data was encrypted and backups were deleted, the organisation does not believe any data was extracted (although it is possible).
At this stage, there’s little information about what kind of ransomware was used or if it is a known threat. To protect themselves, organisations should have an ongoing patch management process in place to check that security and critical updates are applied in a timely fashion, which also aids the organisation’s overall security posture. But it’s also important to be fully prepared for a cyber attack - with effective business continuity plans, multiple data back-ups and incident management processes to minimise business disruption and support recovery.
The ransomware attack hit computers at the federation’s Surrey headquarters on March 9, but was only revealed Thursday. Several databases and email systems were encrypted, the organization said, leading to some disruption to its services. Its backup data had also been deleted. “There is no evidence at this stage that any data was extracted from our systems but this cannot be discounted,” the organization said in a tweet. None of the other 43 branches across the U.K. were affected, the statement said.