A notorious Russian cybercrime group has released confidential UK police data onto the dark web following an October 2021 hack.
The group, Clop, stole the information from Dacoll, which handles the UK’s Police National Computer (PNC). Clop is well-known in cybersecurity circles for carrying out ransomware attacks before publicly declaring who it attacked and often leaking data online. It is thought the group has acquired over $500 million through its activities.
Dacoll follows trend of not paying ransom to hackers
According to the Daily Mail, which first reported this incident, Clop targeted Dacoll with phishing emails, which enabled the group to gain access to its data. The same attack led to Clop gaining access to the PNC, which holds details of approximately 13 million people relating to their involvement with the police.
The data was leaked after Dacoll followed the now common path of refusing to pay a ransom demand. At the time of writing, neither Dacoll nor Clop had publicly disclosed the size of the ransom demand. Refusing to pay hackers’ ransom demands is arguably the most sensible course of action for businesses to take, because once data has been stolen, there’s nothing to stop it from being leaked or sold for profit anyway.
The information Clop has leaked onto the dark web so far includes close-up photos of drivers caught speeding. It is unknown what other information Clop holds or whether there will be further leaks in future.
Concerns about management of police data
While any data breach is a severe incident, those involving such sensitive data as that held on the PNC often raise even more significant concerns.
Philip Ingram, a former military intelligence Colonel and security expert, told the Daily Mail: “This is an extremely serious breach of a company providing a capability to police forces across the UK.
“The damage caused by this kind of data leak is unfathomable as it brings into question the cybersecurity arrangements that exist between multiple public and private organizations to manage sensitive law enforcement data.”
NDI Technologies, a Dacoll subsidiary, provides services for 90% of the UK’s police forces, raising the prospect that those forces are at risk, too.
Crime agencies investigating
Both the UK National Crime Agency and the National Cyber Security Centre are investigating this incident and currently supporting Dacoll and any affected police forces.
A statement given by a Dacoll spokesperson read: “We can confirm we were the victims of a cyber incident on October 5. We were able to quickly return to our normal operational levels. The incident was limited to an internal network not linked to any of our clients’ networks or services.”