More than 12,500 Greater Manchester Police (GMP) officers and staff have been alerted that their personal data may have been compromised in a ransomware attack on a third-party supplier. The breach, which also affected the Metropolitan Police last month, involved the theft of details from warrant cards, including names, ranks, photos, and serial numbers.
The National Crime Agency (NCA) has launched a criminal investigation into the attack on Digital ID, a Stockport-based firm that produces identity cards and lanyards for various UK organisations, including NHS trusts and universities. The NCA is working with the National Cyber Security Centre and the Information Commissioner's Office to assess the impact.
Toby Lewis, a former incident manager at the National Cyber Security Centre, warned that the breach could affect tens of thousands of public sector workers. He stated that if Digital ID produced a pass, personal details used to generate it could have been accessed and potentially leaked if the ransom is not paid.
Digital ID said it notified cyber experts last month and insists that most clients are unaffected, as they produce cards in-house. However, a small number, including the Met and GMP, provided employee data to the firm for card printing. The breach raises serious security concerns given the sensitive nature of police work.
The Police Federation has raised concerns about outsourcing operational data, and Mike Peake, chair of the Greater Manchester Police Federation, said officers are understandably anxious. GMP faces questions about why it took nearly three weeks to inform staff after the breach became public.



