The UK Met Police is investigating a massive data breach that leaked the personal information of law enforcement officers and staff, potentially exposing the identity of undercover agents.
The law enforcement agency said the potential leak stemmed from “unauthorized access to the IT system of a Met supplier.”
The Metropolitan Police Service (MPS, the Met, or Scotland Yard) is the largest police department in the UK and the second-largest in the world after the NYPD. It polices the greater London area except the City of London proper, which is under the City of London Police.
Met Police data breach exposed undercover and counter-terrorism cops
According to The Sun, the breached organization was responsible for producing warrant cards and staff passes for identification. The Met Police Department said that the company had access to names, ranks, photos, vetting levels, and pay numbers for officers and staff. Former Met Police commander John O’Connor said individuals could access a secure area using the leaked details.
However, the company did not hold personal information such as addresses, phone numbers, or financial details.” About 47,000 law enforcement officers and staff, including undercover and counter-terrorism cops, were potentially exposed.
Exposing the names and photographs of undercover officers, especially those from minority backgrounds working within communities, could significantly endanger their lives.
Similarly, violent groups like the Republican Army that frequently attacks the police could use the information for targeting. The Met has advised its officers to remain vigilant for potential attacks.
Meanwhile, the Met Police has reported the data breach to the National Crime Agency and the Information Commissioner’s Office for further investigation. The Scotland Yard said it had taken additional security measures and was working with the company to assess the risk.
Rick Prior, the Vice Chair of the Metropolitan Police Federation, which represents more than 30,000 officers, described the Met Police data breach as a “staggering security breach that should never have happened.”
“Metropolitan Police officers are – as we speak – out on the streets of London undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe,” Prior said, adding, “To have their personal details potentially leaked out into the public domain in this manner – for all to possibly see – will cause colleagues incredible concern and anger.”
UK is plagued by law enforcement data breaches
The Met Police data breach follows a string of data security incidents rocking the UK’s law enforcement agencies.
In August 2023, the Police Service of Northern Ireland (PSNI) disclosed a data breach from human error that exposed the personal information of nearly 10,000 PSNI officers.
The Norfolk and Suffolk constabularies also disclosed in August 2023, that they exposed confidential raw crime data, including personal information of over 1,000 “victims, witnesses, and suspects” and descriptions of various offenses via Freedom of Information (FOI) responses.
In the same month, the South Yorkshire Police Department lost nearly two years of bodycam police footage filmed by officers as they attended incidents or engaged with the public, impacting roughly 69 cases.