Foreign Hackers Target Company Supplying Met Police with Warrant Cards
Foreign hackers are believed to be behind a recent cyber attack on a company responsible for producing warrant cards for the Metropolitan Police, according to sources revealed to The Sun. The incident unfolded when the head of Digital ID, a pass specialist firm located in Stockport, received a ransom demand from hackers operating from a server located abroad. This alarming breach highlights potential vulnerabilities in the security of the Metropolitan Police’s identification systems.
The Metropolitan Police, often referred to as the Met, took five days to inform its extensive workforce of 47,000 police officers and civilian staff about the cyber attack. This delay in alerting personnel has drawn criticism from former Met commander John O’Connor, who labeled it “outrageous.”
Recent revelations stemming from a Freedom of Information request indicated that the Met had spent a considerable sum amounting to £467,587 on the production of warrant cards and civilian passes. This expense was necessitated by security breaches that occurred in various police buildings. These warrant cards have a crucial role in preventing forgeries of traditional police IDs, which have been misused by criminals for robbery and deceptive activities, including coercing individuals into paying fake Covid fines.
The breach involved the theft of sensitive information from the warrant cards issued to both police officers and civilian staff members within the London police force. Cyber criminals managed to access and pilfer details such as photographs, names, ranks, vetting statuses, payroll numbers, and security credentials stored on microchips embedded in the IDs.
A reliable source familiar with the matter noted, “The intention behind these cards was to ensure the security of all facilities and locations. However, the decision to outsource production led to an unfortunate turn of events.” This raises concerns about why a task as sensitive as producing police identification was entrusted to an external company with evidently vulnerable IT systems.
While the Met’s previous practice involved issuing ID cards from New Scotland Yard, the shift to these replacements was justified by the organization as a necessary step to leverage the best available technology for safeguarding police officers, staff, and the general public. The incident serves as a reminder of the ongoing challenges organizations face in protecting sensitive data from cyber threats, especially those that may originate from overseas hackers.
Note: This article is based on information available up to September 2021.