UK police data leaked by Cl0p ransomware group
The stolen data may include the personal information and records of up to 13 million UK residents.
It appears that the data was posted on the ransomware operator’s leak site after the victim, Dacoll, refused to pay an undisclosed amount in ransom to the attackers.
According to the report, Dacoll “handles access to the police national computer (PNC),” which stores UK criminal records data that is used by local law enforcement for investigation purposes.
Up to 13 million criminal records
Cl0p seems to have gained access to Dacoll systems via a phishing attack and exfiltrated the data, which includes PNC information, in October. The Daily Mail states that the UK’s police national computer data may include “the personal information and records of 13 million people.
The report claims that the data leaked by Cl0p also includes images of the faces of speeding drivers from the UK’s national Automatic Number Plate Recognition (ANPR) system.
Dacoll did not reveal the size of ransom that was demanded by the threat actors. A company spokesman told The Daily Mail: “We can confirm we were the victims of a cyber incident on October 5. We were able to quickly return to our normal operational levels. The incident was limited to an internal network not linked to any of our clients' networks or services.”
Data was stolen from Dacoll subsidiaries
Dacoll, based in the UK, has a number of subsidiary companies, two of which - NDI Technologies and NDI Recognition Systems - appear to have been targeted by the Cl0p ransomware gang.
According to The Daily Mail, NDI Technologies provides remote access to the police national computer which is used by 90% of the UK's police officers, while NDI Recognition Systems provides IT support for the ANPR systems, which are also used by law enforcement in the UK.
Cl0p ransomware group is considered a 'big game hunter' attacker due to their volume. The group and its affiliates are credited with carrying out attacks against oil giant Shell, US bank Flagstar and others.
The group is a member of a larger conglomerate named TA505, and groups like F1N11 use ransomware Cl0p developed malicious software.
More from CyberNews
Subscribe to our newsletter