This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Herfordshire Police reports externally hosted database was hacked with data published

Share this article:
Met Police warns off wannabe hackers, teenage collars in danger of being felt
Met Police warns off wannabe hackers, teenage collars in danger of being felt

The website of Hertfordshire Police has been hacked,, with login details and passwords for dozens of officers published.

According to BBC News, Hertfordshire Police confirmed that information stored on an externally hosted database had been published on the internet and that the data, including phone numbers and IP addresses, relates to a number of officers in Safer Neighbourhood Teams.

A statement said that it was investigating the incident and as a precaution, the pages had been temporarily disabled whilst the circumstances as to how this information was obtained was investigated.

“There is absolutely no suggestion that any personal data relating to officers or members of the public has been, or could have been compromised. Nevertheless matters of IT security are extremely important to the Constabulary and an investigation is already under way,” it said.

The hacker added an ‘OpFreeAssange' banner to the details posted online, however, the hacker wrote ‘I am not a member of Anonymous'.

Catalin Cosoi, chief security researcher at Bitdefender, said: “The unknown attacker extracted from the second breached website what appear to be police officers' email addresses, passwords to those email accounts and a list of PINs probably employed as additional safety tools.

“Several user logs have also been made public, exposing a list of employee names and corresponding IPs that could be used in cyber crime operations requiring identification of a specific machine, containing a particular type of data.”

Paul Vlissidis, technical director at NCC Group, said: “Externally hosted databases are like any third party supplier – they can be a nasty potential security flaw because their practices and procedures are outside the control of the client.

“Miscreants are certainly very wise to this. We need to move towards a culture where it's common policy to audit external suppliers and make sure their security is up to scratch.”

Ash Patel, country manager for UK and Ireland at Stonesoft, said: “The most worrying aspect of this attack is that the hackers only made themselves known once they had have achieved what they set out to.

“This raises an important question as to what other damage may have been caused and whether any other data was stolen that the force is currently not aware of. Furthermore, the organisation should think about potential Trojans that may have been left as sleepers in the database/network.

“Public sector organisations need to understand that, by hosting sites with third parties or outsourcing such important services to system integrators, does not take responsibility away from those who are employed to ensure the security of ‘our' data. It is time that it was made clear that the responsibility lies with the government and its employees in the same way that the nation's security lies with the armed forces.

“It is also important to note that Hertfordshire Police's website was externally hosted and this, as always, highlights that when employing this parties to host sites, the first and most important question that should be asked is with regards to security, after which can come questions around cost and availability. This is even more so the case when the organisations are of public interest.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

SharePoint users break own security rules

SharePoint users break own security rules

Privilege controls can work, but cannot cater for all eventualities, says Quocirca analyst Rob Bamforth.

Heartbleed slows down the internet

Heartbleed slows down the internet

As Hearbleed slows down the internet, experts say that two-factor authentication may the way forward to protect our web sessions.

Biometric data collection sparks privacy debate

Biometric data collection sparks privacy debate

You could be implicated as a criminal suspect, just by virtue of having that image in the non-criminal file, says the Electronic Frontier Foundation (EFF).