Cyber Security News Roundup – 14th August 2023

It's a new week, and that means a round up of some of the cyber security and data protection news headlines over the last 7 days! To learn more about each story, click the headings.

Northern Ireland police data breach reveals names and roles of serving officers

8/8

On Tuesday, the Police Service of Northern Ireland (PSNI) was forced to investigate a data breach that reportedly led to the names and job roles of thousands of serving officers being published onto a public website. In the wrong hands, this data could cause “incalculable damage” in a region where police officers are often targeted – a senior detective in the force only recently survived a murder attempt. The leaked data was available for more than two hours, published as part of a freedom of information request with no information immediately available as to the identity of the requester. PSNI Assistant Chief Constable Chris Todd apologised for the “simple human error”, which he described as “unacceptable”. Fortunately home addresses weren’t contained in the leaked data, but with the terrorism threat level increasing to “severe” back in March, the lives of staff and their families could have been put at risk.  (Financial Times)

'Successful' cyber attack on elections body put details of more than 40 million voters at risk

8/8

Last week the Electoral Commission revealed that it was targeted by a successful cyber attack, which allowed criminals access to reference copies of electoral registers containing the names and addresses of anyone registered to vote between 2014 and 2022. The attack was first identified back in October 2022, but the hackers had first accessed the Commission’s systems in August 2021 – meaning the unidentified criminals had undetected access for over a year. At the time of the initial attack, more than 43 million individuals were on the register; whilst the data for many of these people is publicly available on the open register, 28 million had opted out. The Information Commissioner’s Office has since stated that it is investigating. (Sky News)

Hackers from Russia and China breached Foreign Office systems

11/8

Reports have emerged that the Foreign Office’s emails and internal messages were breached by Chinese and Russian hackers in 2021, enabling threat actors to see the day-to-day business of the government department. Details of the attack were kept hidden from the public, with the attack failing to reveal classified information, but it raised concerns about the government's security measures. It is likely that the breach was caused by a staff member accidentally downloading malware contained within an email – inside sources from GCHQ and the Foreign Office stated that “government departments are culturally apathetic about security and particularly cyber security”, and that both Russia and China had access at the same time, with separate attacks. The sources also stated that the government was left not knowing “whether they should admit it or not”. (Metro)

Another police force admits data breach after staff salaries published

11/8

Following the news of the data breach at the Police Service of Northern Ireland, Cumbria Police have now revealed that they have also suffered a breach. The Force stated that on the 6^th of March information about pay and allowances had been uploaded to its website following a “human error”, adding that the impact of the breach was “low” but that all affected individuals would be contacted. Removed immediately once identified, the leak contained names and job roles but included no other personal information, such as addresses and dates of birth. The breach was also referred to the Information Commissioner’s Office, which stated that no further action was necessary. (The Independent)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how we could protect your business!