'Small number’ of staff details hacked from force website

BTP said it was made aware of “a threat to the newsroom section” of its website – hosted by an external supplier. The main page was unaffected but clicks on the “latest news” link are directed to a Tumblr blog run by the force. 

Checks carried out by BTP, the National Cyber Security Centre and the National Crime Agency found details of “a small number” of staff were leaked. It is not clear how much personal information relating to staff members was exposed.  

A force spokesman said: “This system has no affiliation with the force’s crime management or command and control systems and has not compromised the force’s operational capabilities. All the relevant authorities have been notified of this incident.” 

An investigation is being carried out by the BTP, National Crime Agency and the National Cyber Security Centre. 

The incident comes just weeks after the computer systems of the Police Federation of England and Wales (PFEW) were struck by a malware attack that, at one point, threatened to spread across the entire organisation. 

The staff association representing almost 120,000 officers was alerted to an attack on March 9 by its cyber security systems, which triggered experts into isolating the attack and stopping it spreading to its 43 individual branches. 

The attack is not thought to have specifically targeted the PFEW, rather it is more likely to be part of a wider campaign, the organisation said. Data affected by the breach included officers’ names and ranks, emails, national insurance numbers, banking details and confidential information regarding complaints against officers. 

Credit card details of individuals who have used the Police Federation’s conference and hotel facilities were also compromised in the attack.