Zenzero

GMP Cyber Attack Highlights Risks of Third-Party Data Breaches

20th September 2023

A recent cyber attack involving Greater Manchester Police (GMP) has highlighted the growing risks organisations face when third-party suppliers are targeted by cyber criminals. The incident, which involved supplier Digital ID, may have exposed sensitive employee data belonging to thousands of police staff.

The breach serves as a stark reminder that even when organisations have strong internal cyber security, vulnerabilities in the supply chain can still lead to serious data exposure.

What Happened in the GMP Cyber Attack?

Greater Manchester Police confirmed that Digital ID, a supplier used by several UK organisations, suffered a ransomware attack that may have allowed hackers to access information relating to GMP employees.

Early reports suggest that more than 20,000 records may have been affected. The compromised data is believed to include names and photographs of police officers and staff, raising concerns about personal safety and privacy.

However, authorities have stated that financial information is not believed to have been included in the breach.

Assistant Chief Constable Colin McFarlane addressed the incident in a public statement:

“We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP.

At this stage, it’s not believed this data includes financial information.

We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioner’s Office and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported.

This is being treated extremely seriously, with a nationally led criminal investigation into the attack.”

Authorities are continuing to investigate the incident as part of a national cyber crime investigation.

ICO Responds to the Data Breach

The Information Commissioner’s Office (ICO) has confirmed it has been notified about the breach and is reviewing the circumstances surrounding the attack.

Elizabeth Baxter, Head of Cyber Security Investigations at the ICO, commented on the situation:

“Police officers and staff expect their information to be kept secure and are right to be concerned when that doesn’t happen.

This incident has been reported to us, and we’ll now be looking into what happened and asking questions on behalf of anyone affected.

Organisations must look after employee information, particularly in sectors where the impact of a data breach could be greater. The ICO works to support organisations to get this right so people can feel confident that their information is secure.”

The ICO’s involvement reflects the seriousness of the breach, particularly given the sensitive nature of law enforcement data.

The Growing Risk of Supply Chain Cyber Attacks

This incident highlights an important cyber security reality: organisations are only as secure as their suppliers.

Even when businesses implement strong internal security controls, cyber criminals increasingly target third-party providers to gain access to valuable data. These supply chain attacks can expose sensitive information, disrupt operations, and damage organisational trust.

Common risks linked to supplier breaches include:

  • Exposure of employee or customer data

  • Unauthorised access to systems

  • Reputational damage

  • Regulatory scrutiny and potential fines

  • Operational disruption

For sectors such as law enforcement, healthcare, finance, and government, the consequences of such breaches can be particularly serious.

How Organisations Can Reduce Cyber Risk

To reduce the likelihood and impact of cyber attacks, organisations should adopt a proactive cyber security strategy that includes supplier risk management.

Key measures include:

  • Conducting cyber security assessments of third-party vendors

  • Implementing multi-factor authentication and access controls

  • Monitoring systems for suspicious activity

  • Ensuring suppliers meet recognised security standards

  • Developing robust incident response plans

A strong cyber security framework not only protects internal systems but also strengthens resilience across the wider supply chain.

Protect Your Organisation from Cyber Threats

Cyber attacks are becoming more sophisticated, and incidents like the GMP data breach show that no organisation is immune.

At Zenzero, we help organisations strengthen their cyber defences through expert security solutions, proactive monitoring, and incident response support.

If you want to learn more about how to protect your organisation from a cyber attack, speak with our team today.
