More UK cops' names and photos exposed in supplier breach

London's Metropolitan Police has said a third-party data breach exposed staff and officers' names, ranks, photos, vetting levels, and salary information. In a statement posted on the cops' website, the force said miscreants broke into a supplier's IT system, and used that unauthorized access to steal personnel information. The …

  1. Mike 137 Silver badge

    "Security measures have been taken by the MPS as a result of this report," the statement said

    Always after the data breach. The only viable security is proactive security -- making your infrastructure the hardest possible nut to crack commensurate with the value/sensitivity of the information to be protected -- before it's been breached.

    The big problems that prevent this are [1] the up front cost, which usually seems unnecessary because "nothing's happened yet", [2] the utter uselessness of current common practice in risk assessment, which typically causes assessment results to be meaningless, [3] a fundamental misapprehension that 'policies' automatically drive behaviours, [4] an almost complete lack of adequate training for staff at all levels, right up to the executive, who frequently get exempted from the (typically useless) so-called 'training' provided.

    Until these deficiencies are fixed, there'll be no such thing as genuine infosec, so the adversary will usually win.

    1. alain williams Silver badge

      Re: "Security measures have been taken by the MPS as a result of this report," the statement said

      We have not yet been told "lessons will be learned", after which we will all be able to relax safe in the knowledge that it will never happen again -- not!

      1. Doctor Syntax Silver badge

        Re: "Security measures have been taken by the MPS as a result of this report," the statement said

        Lessons should be learned from mistakes but it's best if you can learn them from other people's mistakes.

        1. cyberdemon Silver badge
          Facepalm

          Re: "Security measures have been taken by the MPS as a result of this report," the statement said

          No doubt someone will be "Laser Focused" on security from here on in.

          Next politician to say that gets fed to the sharks

          1. elsergiovolador Silver badge

            Re: "Security measures have been taken by the MPS as a result of this report," the statement said

            What sharks done to you?

          2. Derezed

            Re: "Security measures have been taken by the MPS as a result of this report," the statement said

            I think they cut the sharks in the last budget. Outsourced to Anchovies I believe…more cost effective

            1. John Brown (no body) Silver badge

              Re: "Security measures have been taken by the MPS as a result of this report," the statement said

              ...with teeny, tiny lasers?

              1. Derezed

                Re: "Security measures have been taken by the MPS as a result of this report," the statement said

                I believe there was no money left for lasers…it is said that they are both mutated and ill-tempered

        2. LybsterRoy Silver badge

          Re: "Security measures have been taken by the MPS as a result of this report," the statement said

          One of my favourite comments is:

          You have to learn from other people's mistakes, you don't have time to make them all yourself.

  2. cantankerous swineherd

    nothing to hide, nothing to fear.

    1. Headley_Grange Silver badge

      Since you don't post with your real name I wonder what you've got to hide.

      1. Nifty Silver badge

        Thanks for your interesting post, Mr. Grange

    2. TheMaskedMan Silver badge

      "nothing to hide, nothing to fear."

      And yet they are fearful. I can understand why, and I sympathise to some extent. This sort of cockup just shouldn't happen, and it's obvious that some bobbies may be put at unreasonable risk, to say nothing of the possibilities for impersonating a police officer.

      But perhaps now they will understand why many people are not too keen on police forces sucking up information like an overenthusiastic sponge. Many of US don't have anything to hide, either, but we are still rightfully afraid of what might be done with our personal data in the name of law enforcement. If they can't keep their own stuff secret, how can we expect them to keep our details confidential?

      The potential for internal abuse / misuse together with external unlawful access, regardless of whether or not that is a consequence of incompetence, do not inspire confidence.

    3. ethindp

      Nothing to hide? Really? Do you tell your friends all your credit card numbers, identity information, passwords, etc? Yeah, I didn't think so. So much for nothing to hide....

    4. JT_3K

      You say that, but look at the lady stabbed by a member of the general public because "he thought she was employed by GCHQ". No worry about what she has or has not been part thereof, no comment about her role (could have been anything from senior to the onsite cleaner). There's lots to fear because "people" are muppets.

      And believe me, I'm not passing comment on the effectiveness, engagement or activities of UK police in any capacity: positive or negative.

  3. elsergiovolador Silver badge

    IR35

    After IR35 changes British businesses lost access to skilled workers - they retired early or moved on.

    The IT incidents will be piling on...

    1. IGotOut Silver badge

      Re: IR35

      So contractors never fucked up? New one on me.

      1. elsergiovolador Silver badge

        Re: IR35

        We didn't hear of as many incidents prior to the changes to legislation.

        If contractor efs up, their business is in a pickle if they don't have adequate insurance, so they must be extra sure they don't ef up.

        Now hiring a zero hour IT deemed employee worker doesn't come with such reassurances.

        1. Headley_Grange Silver badge

          Re: IR35

          "We didn't hear of as many incidents prior to the changes to legislation."

          Maybe the reporting restrictions were less prescriptive or there are more bad actors out there than there used to be.

          1. elsergiovolador Silver badge

            Re: IR35

            Or maybe it was the legislation that made it more difficult to access competent workforce.

            I think you are not aware how many projects were turned upside down in 2021 because of mass exodus of experts.

    2. Cav Bronze badge

      Re: IR35

      Nonsense. Many places are still only just updating processes and infrastructure to use technology. Training hasn't kept up and more people doing more online leads to more errors. IR35 changes are irrelevant.

      1. LybsterRoy Silver badge

        Re: IR35

        and don't forget pure incompetence!

      2. elsergiovolador Silver badge

        Re: IR35

        These changes are entirely relevant.

        Before the changes any expert in their field would have incorporated to receive fair compensation for their expertise and look to expand their business. They could fund training and upskill in areas where there was a market need and fill in the gaps their clients had in their projects.

        IR35 has closed that path. People no longer have an incentive to upskill and software development has become very much a dead end, if you are not coming from a wealthy background.

        This has been done to stop people leaving from big consultancies or their jobs and starting competing business.

        In the past, if business had to adapt a new technology, their workers were not familiar with, but was necessary for growth, they would have hired an independent business to set everything up and train their workers and offer support. This is now only available from big consultancies who are exempt from IR35, but their quality is very poor.

  4. sitta_europea Silver badge

    If they're that careless with information about their own staff, what must it be like in the complaints department?

    1. elsergiovolador Silver badge

      Maybe complaints are stored securely in /dev/null ?

    2. heyrick Silver badge

      The rozzers have a complaints department? Would that be the dark room at the end of a corridor lined with snarling men holding their truncheons in a menacing manner?

      1. Red Or Zed

        Of course not, that's completely ridiculous!

        It'll be just down these stairs.

        Mind you don't trip...

        1. Derezed

          And if you DO trip, don’t get accidentally rolled up in the loose carpet and hit those loose rubber hoses on the way down

  5. Anonymous Coward

    In a statement posted on the cops' website, the force said miscreants broke into a supplier's IT system, and used that unauthorized access to steal personnel information.

    Tell me that you entrusted the job to Capita without telling me that you entrusted the job to Capita

  6. Anonymous Coward

    I can only hope

    that the locks on prison cells are more secure than the locks on the data

  7. Anonymous Coward

    Oh, Suealla

    Welcome to Brexit Britain, a strange mirror world, where even the surveillance state program is ass backwards.

    1. Cav Bronze badge

      Re: Oh, Suealla

      You had to force a Brexit moan into a subject to which it is entirely irrelevant.

  8. This post has been deleted by its author

  9. Anonymous Coward

    What a right cop up!

    Allo, Allo, Allo.

    Goodbye, goodbye, goodbye…

  10. Anonymous Coward

    Nothing to fear, Nothing to hide....

    (1) Wayne Couzens

    (2) David Carrick

    (3) .....and the beat goes on..................

  11. Christoph

    "There is also a huge concern that photographs of police on undercover units, surveillance or in sensitive areas like counter-terrorism could fall into the wrong hands,"

    The terrifying possibility that women in entirely legal protest groups might find out that their 'boyfriend' is an undercover Met officer spying on them and all their friends and using them as a useful tool.

  12. Anonymous Coward

    "...exposed staff and officers' names... and salary information"

    HR will be apoplectic - employees are not allowed to know their colleagues' salaries.

    HR policy on salaries is divide and conquer.

    Every MPS employee now has a significant incentive to view that data.
