Police Federation

FAQs

1. What has happened?

2. How was the second incident allowed to happen?

3. How did you discover the incident?

4. What happened then?

5. Have you reported it?

6. Is this a criminal enquiry?

7. Has this been reported to the Information Commissioner's Office (ICO)?

8. What is the malware?

9. Who is affected?

10. What systems did it affect? How much data was affected?

11. Was it a direct target to PFEW?

12. How did this happen?

13. What is happening now?

14. Have you alerted people to the fact their data may be compromised?

15. Why have you not made this public before now?

16. Have officers'/members' details been compromised in any way?

17. What was held about me as a police officer?

18. What is the PFEW doing?

19. Has it affected business?

20. Have you got anyone to help you?


1. What has happened?

On Saturday 9 and Thursday 21 March HQ systems were subject to a malware attack which impacted a number of our databases and servers. The first attack only affected PFEW's HQ at Federation House, Leatherhead and did not impact on branches. On Thursday 21 March a second attack occurred which has affected the majority of our Branches.

2. How was the second incident allowed to happen?

Following the first malware attack on 9 March we immediately took precautions to secure and stabilise our systems. We are still investigating the second incident. We will provide more detail as it emerges.

3. How did you discover the incident?

We were alerted to the first incident at around 1900 hours on Saturday 9 March through our own security systems.  We were alerted to the second attack at approximately 1445 hours on Thursday 21 March.

4. What happened then?

On both occasions we immediately disconnected our network in order to minimise spread. Following the first attack we instructed BAE Systems, a leading forensics firm, to assist with the response. They are continuing to work with us and were on site during the second attack.

5. Have you reported it?

Yes. Both incidents have been reported to the National Cyber Security Centre (NCSC), the National Crime Agency (NCA) and the Information Commissioner's Office (ICO).

6. Is this a criminal enquiry?

Yes. We have been the victim of cyber-attacks. The National Crime Agency (NCA) is leading the criminal investigation and is engaging with the National Cyber Security Centre (NCSC).

7. Has this been reported to the Information Commissioner's Office (ICO)?

Yes. The first incident was reported to the Information Commissioner on Monday 11 March. The second attack was reported to the ICO on Friday 22 March.

8. What is the malware?

The malware is a type of malicious software which seizes and encrypts data. As the matter is subject to an ongoing police investigation we are unable to comment further at this stage.

9. Who is affected?

There is no evidence that any personal data has been extracted from PFEW at either the HQ or any of its branches. However, we cannot rule this out and investigations continue. We have been contacting various categories of individuals who may be affected and providing them with details as to where they can get help and further information.

10. What systems did it affect? How much data was affected?

Most of our systems have been affected but it's too early to tell how much of the data that has been encrypted can be recovered.

11. Was it a direct target to PFEW?

Indications are that the first attack was not targeted specifically at PFEW and was likely part of a wider campaign. We cannot speculate as to the second attack at this stage. Both incidents are still being investigated and we will provide more detail when the facts emerge.

12. How did this happen?

On becoming aware of the attacks we immediately reacted and put in place a number of measures in order to stop their further spread. Following the second attack we immediately disconnected our network to prevent further spread, alongside experts from BAE Systems. These attacks were malicious, criminal acts which are being investigated by the National Crime Agency.

13. What is happening now?

We are continuing to work with various experts to restore systems and minimise disruption for those potentially affected and to provide as much information as we can.

14. Have you alerted people to the fact their data may be compromised?

Yes. Whilst there is no evidence that personal information has been extracted, we wanted to alert individuals as to the risk at the earliest opportunity.

15. Why have you not made this public before now?

The matter is complex and has been the subject of a criminal investigation. We have had to liaise carefully with relevant authorities as to the information that can be made public.

16. Have officers'/members' details been compromised in any way?

There is no evidence at this stage that any data was extracted from our systems, although this cannot be discounted.

17. What was held about me as a police officer?

The National Membership Database was affected and that includes the name, ranks and serving force of around 120,000 serving police officers up to the rank of chief inspector, along with their police pnn email address and National Insurance number. If you had retired before 1 January 2019 then your details will not be on there.

The claims case management system is a database for any members who have requested PFEW assistance for any investigation, inquiry or complaint during their service which has been dealt with by HQ at Leatherhead. We only hold data for current cases and for six years after a claim is closed. If your case was either still open – i.e. an ongoing case – or within the six-year retention period, your details may in some cases include your name, address, National Insurance number, bank details and details of the case.

Our hotel booking system was also affected. If you stayed as a Federation rep as part of a course for your Federation duties then your name and home force would be affected. If you stayed for leisure purposes outside of work reasons then whatever details you gave at the time would be there if it was within the last year; this generally includes names, addresses, emails, vehicle registration number and credit card details. Full credit card details are retained for only six months. Customers who booked with us between 8 September 2018 and 21 March 2019 should be vigilant to any unrecognised activity on their account. Prior to 8 September only four digits of the card have been kept, preventing the use of the card number. We reiterate that there is no evidence at this stage that any data was extracted from our systems.

Those concerned about fraud or lost data should contact Action Fraud. Use Action Fraud’s online fraud reporting tool at any time of the day or night, or call 0300 123 2040. For further information, visit the Action Fraud website. Advice can also be obtained from the National Cyber Security Centre.

We have instructed a leading forensics firm to help us investigate the matter and it is subject to a criminal investigation by the National Crime Agency.

18. What is the PFEW doing?

We are continuing to work with various experts to rebuild our systems. We are working with our instructed forensics firm BAE Systems, the National Crime Agency and the National Cyber Security Centre to fully understand the implications for us, our staff, our members and all those we hold data on.

19. Has it affected business?

Yes, albeit we are trying to minimise disruption as far as is possible. There may be delays in some aspects of business processing.

20. Have you got anyone to help you?

Yes. Cyber experts are advising us. We instructed BAE Systems, a leading forensics firm, to assist with investigations for us to fully understand the implications for us, our staff and for our members. The National Cyber Security Centre is also assisting.
