At a glance.
- Greater Manchester Police suffers third-party data breach.
- Caesars is dealt a bad hand.
- Breach exposes Minnesota student data.
Greater Manchester Police suffers third-party data breach.
The UK’s Greater Manchester Police (GMP) has disclosed that the personal details of thousands of officers and other staff were exposed in a ransomware attack targeting a company that produces identity cards, Security Week reports. The name of the third-party vendor has not been released, but the GMP said the compromised data include names, photos, identity numbers or police collar numbers used to create identity badges and warrant cards. HackReads notes that over eight thousand officers are employed by GMP and were potentially impacted by the attack. Assistant Chief Constable Colin McFarlane stated, "We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP. At this stage, it's not believed this data includes financial information."
Britain’s National Crime Agency is heading up the national-level investigation, and the Greater Manchester Police Federation is working to limit the officers’ exposure. As Bleeping Computer explains, this is the latest in a series of recent data breaches impacting UK police officers. The Police Service of Northern Ireland (PSNI) announced that the personally identifiable information, ranks, and location of 10,000 police officers had been exposed in July due to an employee error, and in August the Metropolitan Police said the third-party breach of one of its suppliers (likely the same one employed by GMP) resulted in the exposure of the personal data of 47,000 police officers and staff. The Guardian adds that a number of major UK organizations have been hit by ransomware attacks this year including the Royal Mail, popular outsourcing firm Capita, the Barts Health NHS, and coincidentally, the Guardian itself.
Rafe Pilling, a director for threat research at Secureworks, told the Guardian, “This is not a problem that affects the public sector or public sector supply chain specifically. It is happening across businesses and organisations of all shapes and sizes.” It’s unclear who is responsible for the GMP attack, but Pilling stated, “There are multiple criminal gangs conducting this activity at the moment. The vast majority are Russian speaking or have Russian links.”
Javvad Malik, Lead Security Awareness Advocate at KnowBe4, commented on the incident, which he thinks typifies the cybersecurity issues police forces tend to confront. "The reported data breach targeting Greater Manchester Police officers' warrant card details is a concerning incident, further exemplifying the persistent cybersecurity challenges faced by law enforcement agencies. This breach follows a similar attack on the Metropolitan Police, highlighting the potential vulnerabilities of third-party suppliers in the supply chain. While it's reassuring to learn that financial details and home addresses were not compromised, the exposure of names, ranks, and photographs from warrant badges can still have significant implications. Such information can be leveraged for identity theft, social engineering attacks, or even the targeting of specific police officers."
Malik offered some recommendations. "It's essential for law enforcement agencies to conduct rigorous security assessments of their third-party suppliers and ensure they meet stringent cybersecurity standards. Additionally, implementing robust monitoring, detection, and response mechanisms can help organisations identify and respond quickly to potential breaches. This incident should serve as a reminder to all organisations, including law enforcement agencies, to regularly review and strengthen their cybersecurity practices. Proactive measures such as employee cybersecurity training, regular vulnerability assessments, and incident response drills can significantly mitigate the risk of data breaches and help maintain public trust in the agencies responsible for keeping communities safe."
Caesars is dealt a bad hand.
International casino giant Caesars suffered a cyberattack that exposed customer data from the company's loyalty program database. The compromised data include customer driver's license details and Social Security numbers, but Caesars says there’s no evidence that account numbers or financial info were accessed. The company did not specifically say that it was a ransomware attack, but the 8-K filing with the US Securities and Exchange Commission seems to indicate a ransom negotiation might have occurred. “We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” the filing reads. “We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused.” The breach stemmed from a social engineering attack targeting an unnamed third-party support vendor, and Caesars says it has taken steps to make sure the vendor implements security measures to prevent future incidents. As Security Week notes, just days ago fellow hospitality company MGM Resorts reported it was dealing with a “cybersecurity issue” that impacted its website, casinos, email, restaurant reservations, and hotel bookings, and the ALPHV ransomware group has already taken credit for the attack.
Breach exposes Minnesota student data.
St. Paul Public Schools, a district located in the US state of Minnesota, is notifying families that a February cyber incident exposed over 40,000 student names and email addresses.
According to district spokesperson Erica Wacker, that number includes all students who were enrolled in St. Paul Public Schools during the last academic year, as well as some students at private and charter schools. The district says state and federal law enforcement were enlisted to assist with the investigation and that “a suspect has been reasonably identified.” It’s worth noting that half a dozen Minnesota learning institutions have been impacted in data breaches in the past year, including Minneapolis Public Schools (MPS), the Minnesota Department of Education, and the University of Minnesota.
Emsisoft threat analyst Brett Callow described the St. Paul breach as relatively minor, stating, “Somebody purloined the school database—names and emails—and seems to have shared it in a since-deleted post on a hacker forum. Certainly not in the same league as MPS.” Ian Coldwater, cybersecurity expert and Minneapolis Public Schools parent, said St. Paul families should nonetheless be vigilant, as email addresses could be used by scammers to conduct phishing attacks. Coldwater told the Sahan Journal, “it’s still going to be important for folks who know that they’ve been affected by this breach to keep an eye out on their data, their accounts, see if they see anything weird happening. Accounts that they didn’t make, logins that they didn’t initiate, that kind of thing.”