News & Resources

Police Federation data breach

  • Posted on

On 9 March 2019, the Police Federation of England and Wales (PFEW) headquarters became aware of a ransomware cyber-attack on their system. It took the PFEW 12 days to notify those who were affected by the breach.

The PFEW called in BAE Systems’ Cyber Incident Response division to assess the impact and scale of the cyber-attack, before notifying the relevant authorities.

In a statement posted on Twitter, the Federation said:

There is no evidence at this stage that any data was extracted from the organisation’s systems, although this cannot be discounted and PFEW are taking precautions to notify individuals who may potentially be affected.

The attack only impacted computers at the PFEW’s headquarters in Surrey, but the data stored in that facility is quite substantial. One of the affected databases holds the names, email addresses, NI numbers, ranks and serving forces of around 120,000 police officers up to the rank of chief inspector.

The breach also involved a booking system for the PFEW conference and hotel facilities in leatherhead. This data contains the names, addresses and email addresses of non-police citizens who visited the facility for leisure purposes.

Finally, several databases and email systems were encrypted by the criminals, and backups were also affected.

Cyber-security experts took notice of the incident and suggested the PFEW needed contingency plans for these types of incidents, including having functional, regularly maintained, backups of all their data.

Max Heinemeyer, director of threat hunting at Darktrace, said of the incident:

The fact that the UK Police Federation has fallen victim to a ransomware attack shows that no system, not even those being defended by industry experts, is invulnerable.

Our expertise with data breaches

Hayes Connor is home to one of the largest team of data breach claims specialists in the country. With a wealth of experience and an excellent track record of success, we can guide clients through dealing with any situation where personal data has been lost, stolen or otherwise exposed.

If your data has been exposed or potentially exposed in a data breach, you can take a look at our guide to what to do if your data has been stolen in a data breach.

You can find out more about our expertise and how we handle data breach claims here.

To see how we can help with a data breach, you can use our online claim form or speak to a member of our team by calling 0151 363 5895.

Contact us