Update on Federation cyber attacks

1 May 2019

Derbyshire Police Federation has thanked members for their patience while it has been without access to its IT systems for more than a month.

The branch’s IT systems – along with those of the national Federation and branches across England and Wales – were disabled at the end of March after a string of cyber attacks.

“We understand this has been very frustrating for members who have not been able to get hold of us in the usual way nor access information,” says Tony Wetton, chair of Derbyshire Police Federation.

"We would like to thank everyone for their patience and assure them that we are now doing everything we can to get back to normal. While our website is clearly back up and running, we are doing further checks and would urge members to contact us if they spot anything that’s not as should be or if links are not working and that kind of thing.”

Systems at the Police Federation of England and Wales (PFEW) HQ in Leatherhead were subject to a malware attack which impacted a number of databases and servers on Saturday 9 and Thursday 21 March.

As a result, The Hub (the internal website for reps) was disabled and we were unable to update our website. The national website was also affected.    

The PFEW had been alerted to the first incident – which only affected HQ – at around 7pm on 9 March through security systems, but the second attack affected the majority of local branches.

On becoming aware of the attacks, the Federation immediately disconnected the network to stop further spread before reporting them to the National Cyber Security Centre (NCSC), the National Crime Agency (NCA) and the Information Commissioner’s Office (ICO). 

Following the first attack, BAE Systems – a leading forensics firm – was instructed to help with the response.  The PFEW is continuing to work with BAE Systems and the company was on site during the second attack.

There is no evidence any personal data has been extracted from the Federation at either Leatherhead or any branch, however, this cannot be ruled out and investigations continue. While the risk of data being extracted or misused is low, the PFEW alerted members as to the potential risk at the earliest opportunity. 

The complex matter is the subject of a criminal investigation and the PFEW has had to liaise carefully with relevant authorities as to the information that can be made public, therefore they were unable to notify members sooner.

National chair John Apter said: “The impact on PFEW systems is significant and I want to offer my reassurance that we are doing everything possible, working with the National Crime Agency and BAE Systems – who are experts and professionals in this type of criminal activity – to stop any further damage. 

“The necessary steps were taken to tackle the first attack and re-establish business and support for our members.”

Indications are that the first attack was not targeted specifically at the PFEW and was likely part of a wider campaign, but we cannot speculate as to the second attack at this stage.

John continued: “Everyone and anyone is vulnerable to cyber attacks like this and unfortunately the reality is that once hit, you can become the target of further attacks.

“Our priority remains to secure and stabilise the situation in order to get branches back up and running as soon as possible, with our members at the forefront of all decisions that are being made.”

The NCSC recommends PFEW members be vigilant to suspicious emails, texts and phone calls. 

Those concerned about fraud or lost data can visit Action Fraud or call 0300 123 2040. 

Advice can also be obtained from the National Cyber Security Centre.

For more information please read the Federation’s cyber attack FAQs.