Data stolen from Police National Database disappears from dark web


Data from police forces around the country was stolen in a supply chain attack. But now it has been removed from the dark web.

Stolen data from UK police has been posted on – then removed from – the dark web. Russian hacking group Cl0p launched a supply chain attack against IT services provider Dacoll, a company that handles access to the Police National Computer (PNC), a database containing information about millions of people.

After a ransom demand was refused, Cl0p posted information from the breach, reportedly including close-up images of drivers recorded by ANPR cameras, on a dark web site. It has since been removed, leading experts to suspect that swift action has been taken against the gang, or that it may have had second thoughts about selling such sensitive information.

Police data stolen in supply chain attack

The attack, first reported yesterday, saw Scottish ITSP Dacoll’s systems infiltrated via a phishing link. It appears to be a supply chain attack, similar to those of Kaseya MSP and SolarWinds. “The data was stolen from a company that was handling data on behalf of the police, who relied on that supplier to keep it safe and secure,” explains John Shier, senior security advisor at Sophos. “In our opinion, this fits the broader definition of a supply chain attack because it uses a third-party as a proxy to attack an organisation’s data or services.”

Supply chain attacks have spiked in popularity in the cybercrime world, alongside ransomware attacks, in the past year. According to a report released by software development platform Sonatype, “cyberattacks against software supply chain targets exploiting weaknesses in open-source ecosystems have surged by 650% YOY in 2021.”