Met Police security breach: The key questions as force on 'high alert' after officers' details hacked

It may be difficult to prevent future leaks of police data, a former officer has said.

Graham Wettone, a frequent policing commentator on Sky News, also said he had concerns about the outsourcing of information.

The Metropolitan Police is on high alert following a significant breach that led to officers' and workers' details being hacked.

The breach occurred when cybercriminals managed to infiltrate the IT systems of a contractor responsible for printing warrant cards and staff passes.

It follows another leak in Northern Ireland, with dissident republicans claiming to be in possession of the data.

Outsourcing is "now common practice across many organisations and the majority are secure and keep information safe", said Mr Wettone, who was a Met officer for more than 30 years and now lectures on policing.

The key questions are the extent of the breach and "how it happened and by whom", he added.

But while outsourcing can be "very efficient", any information that is shared needs to be "limited to what is essential for the task and then kept secure by the company receiving it", he commented.

In terms of preventing future hacks, Mr Wettone said cyber security experts should be called in to review any companies information is outsourced to, and such firms should have "very high levels of security".

He added, however: "I'm not sure it can be totally prevented in this day and age so managing any risk and limiting what is supplied is key."

There have been suggestions that Russian hackers may be targeting British infrastructure.

Mr Wettone said there are a "number of sources or suspects for any form of hacking" targeting police forces.

He went on: "It is a sign of the technological world we now live in with personal data being held online."

Read more:
Judge calls for Metropolitan Police review of 999 speeds
Wife of PSNI officer says they are 'living in fear' after data breach

Looking at specifics, Mr Wettone said the leaked Met information was "restricted to names, vetting level and warrant numbers" and so was "essentially professional information".

Personal addresses or phone numbers were not included.

"Officers will often provide similar details when applying for bank accounts or insurance products or club memberships so depending on the actual detail of the breach it may not be as concerning as some are predicting," Mr Wettone said.

Nevertheless, a prompt investigation is required, followed by an "equally quick dissemination to all staff on the details and level of information obtained", he added.

Most officers are "pragmatic about names and profession being online or public", Mr Wettone said.

"Some may not openly divulge they are police officers but understand that information is known to many organisations and held on databases."