Federation cyber attacks: an update

3 May 2019

West Midlands Police Federation has thanked members for their patience while its IT systems have been down.

The branch’s IT systems – along with those of the national Federation and branches across England and Wales – were disabled more than a month ago after a string of cyber attacks.

“We really appreciate the impact this has had on our members and would like to put on our record our thanks to officers as I am sure it has been very frustrating not to be able to access information or contact workplace representatives and Federation officials in the usual ways,” says Rich Cooke, branch chair.

“We have been trying our best to maintain our services and we are now looking forward to getting back to business as usual.

“Please bear with us as we check and update content across the website now that it is back up and running. If you have any queries, think information is missing or come across a broken link please contact us.”

Systems at the Police Federation of England and Wales (PFEW) HQ in Leatherhead were subject to a malware attack which impacted a number of databases and servers on Saturday 9 and Thursday 21 March.

As a result, The Hub (the internal website for reps) was disabled and we were unable to update our website. The national website was also affected.    

The PFEW had been alerted to the first incident – which only affected HQ – at around 7pm on 9 March through security systems, but the second attack affected the majority of local branches.

On becoming aware of the attacks, the Federation immediately disconnected the network to stop further spread before reporting them to the National Cyber Security Centre (NCSC), the National Crime Agency (NCA) and the Information Commissioner’s Office (ICO). 

Following the first attack, BAE Systems – a leading forensics firm – was instructed to help with the response.  The PFEW is continuing to work with BAE Systems and the company was on site during the second attack.

There is no evidence any personal data has been extracted from the Federation at either Leatherhead or any branch, however, this cannot be ruled out and investigations continue. While the risk of data being extracted or misused is low, the PFEW alerted members as to the potential risk at the earliest opportunity. 

The complex matter is the subject of a criminal investigation and the PFEW has had to liaise carefully with relevant authorities as to the information that can be made public, therefore they were unable to notify members sooner.

National chair John Apter said: “The impact on PFEW systems is significant and I want to offer my reassurance that we are doing everything possible, working with the National Crime Agency and BAE Systems – who are experts and professionals in this type of criminal activity – to stop any further damage. 

“The necessary steps were taken to tackle the first attack and re-establish business and support for our members.”

Indications are that the first attack was not targeted specifically at the PFEW and was likely part of a wider campaign, but we cannot speculate as to the second attack at this stage.

John continued: “Everyone and anyone is vulnerable to cyber attacks like this and unfortunately the reality is that once hit, you can become the target of further attacks.

“Our priority remains to secure and stabilise the situation in order to get branches back up and running as soon as possible, with our members at the forefront of all decisions that are being made.”

The NCSC recommends PFEW members be vigilant to suspicious emails, texts and phone calls. 

Those concerned about fraud or lost data can visit Action Fraud or call 0300 123 2040. 

Advice can also be obtained from the National Cyber Security Centre.

For more information please read the Federation’s cyber attack FAQs.