Dutch Police Confirm Phishing Attack with Limited Impact The Dutch National Police (Politie) disclosed a security breach stemming from a successful phishing attack, confirming that the incident had a limited impact and did not compromise citizens' data or investigative information. The agency’s Security Operations Center detected the attack swiftly and blocked the attackers' access to compromised systems. While the full scope of the breach remains under investigation, authorities stated that no sensitive citizen or operational data was exposed. A criminal investigation has been launched, though details including the timing of the attack, affected systems, and whether employee data was accessed have not been released. A police spokesperson did not immediately respond to requests for further information. This incident follows a separate September 2024 data breach linked to a state-sponsored cyberattack, which resulted in the theft of work-related contact details for multiple officers, including names, email addresses, phone numbers, and, in some cases, private data. The ongoing investigation has not attributed the attack to a specific threat group or revealed the attack vector. In response to the earlier breach, the Dutch police implemented enhanced security measures, including continuous system monitoring and mandatory two-factor authentication for officer logins. Additionally, in February 2024, Dutch authorities arrested a 40-year-old man for attempting to extort the police using confidential documents accidentally shared by the agency.

Police in Manchester, England, reported that a third-party provider who stores some of the company's personnel information had been the victim of a ransomware assault. Financial information is not thought to have been part of the compromised data, according to Greater Manchester Police (GMP). McFarlane said that GMP had spoken with the Information Commissioner's Office in Britain regarding the issue. The names, ranks, and vetting statuses of its officers and personnel were accessible through an illegal entry to one of its suppliers' IT systems, according to the Metropolitan Police of London.

The Metropolitan Police is investigating a possible data breach after unauthorized access was gained to the systems of one of its suppliers. The police department claimed that the corporation possessed names, ranks, pictures, vetting levels, and pay numbers for officers and personnel and that it was investigating whether any data had been accessed. A Met representative said the organization in question did not hold personal information like addresses, phone numbers, or financial information but declined to specify when the breach happened or how many employees may have been affected. The National Crime Agency (NCA) and the information commissioner have both been notified of the occurrence.

The Metropolitan Police Service (MPS)—the UK’s largest police force—has been at the center of a rising wave of data breaches, recording 2,271 incidents since 2022, the highest among UK law enforcement agencies. These breaches stem from a mix of human error (e.g., misdirected emails, unauthorized data access, failure to redact sensitive details, or accidental publication of records) and cyber threats, including potential ransomware and malicious insider activity. The exposed data often includes highly sensitive personal information—such as names, addresses, phone numbers, and criminal records—of victims, suspects, and even police personnel. A notable case involved the incorrect merging of victim and suspect records, leading to processing inaccuracies, compromised investigations, and potential leaks of sensitive data. Such breaches erode public trust, risk financial or psychological harm to affected individuals, and have already resulted in 291 compensation claims totaling £501,370 in payouts since 2022. The MPS’s repeated failures highlight systemic vulnerabilities in data handling, despite obligations under the Data Protection Act 2018. The escalating frequency of incidents (from 2,711 in 2022/23 to 4,759 in the latest year) underscores the urgent need for stricter protocols, staff training, and encryption measures to mitigate further exposure of critical law enforcement data.