Police officers’ body targeted in cyber attack

Few details about the attack – described as a ‘malware attack’ – have been released, for security reasons. Several databases and systems are known to have been affected, preventing encrypted data from being accessed, while email services were temporarily rendered unavailable. According to the federation, there is strong reason to believe that the malware did not spread any further than its Surrey headquarters, with none of its 43 local police branches affected by the attack.

The organisation says that no evidence has been unearthed so far to suggest that any data was extracted as a result of the attack, although the possibility could not be discounted. The police will be notifying individuals who may be affected.

The Police Federation of England and Wales is the staff association for 120,000 constables, sergeants, inspectors and chief inspectors in the two countries. To prevent police strikes, police officers are forbidden from joining standard trade unions.

The organisation confirmed that it had been alerted to the attack on the evening of Saturday 9 March: “Initial indications are that the attack was not targeted specifically at [the organisation] and was more likely to have been part of a wider campaign.”

“We are deeply sorry that this has happened,” said John Apter, chair of the organisation. “The Police Federation takes data security very seriously and responded immediately on becoming aletred to this incident. Our priority has been to mitigate the damage caused by the attack and to protect the personal data of our members and others whose data we hold.”

“We have set up a dedicated webpage to help officers and other individuals with any questions they may have and have directed them to where they can find guidance on the risks associated with this type of attack,” he continued. “From [Friday] at 12pm we will also have a helpline operating for those who have concerns about what has happened.”

Police officers took to Twitter to question why the organisation took the best part of a fornight to notify its members of the attack. The organisation said that its public acknowledgement of the incident was delayed in order to protect the integrity of the resulting criminal investigation.

The incident was reported to the Information Commissioner, the National Cybersecurity Centre and the National Crime Agency.

The federation will be working with the National Police Chief’s Council and industry experts – including BAE Systems – to understand the implications of the attack.