Cyber Incident Victim: Sussex Police

Sussex Police experienced multiple security breaches targeting a contained section of their external website during the Christmas period of 2014. Three separate incidents were identified, with investigators noting the possibility of a connection between them. The breaches resulted in unauthorized access to email addresses belonging to police officers and personal email addresses of members of the public who had interacted with the website's services. Amaraghosha Carter, joint head of IT for Surrey and Sussex police forces, confirmed the force initiated a full investigation to determine the origin of the breaches and assess their full impact. Communications staff proactively contacted approximately 270 potentially affected individuals, focusing on providing security guidance related to password management for the community messaging service. The compromised website operated independently from core police systems used for criminal investigations, with no evidence of operational disruption to response capabilities or other IT, web, or telephony infrastructure.

Authorities emphasized that public services remained unaffected throughout the incident. Immediate containment measures were implemented to prevent further website compromise while forensic work continued to identify those responsible. Investigators concurrently conducted system-wide reviews to reinforce IT security resilience across all force systems. Sussex Police publicly requested information related to the breaches and directed concerned citizens to contact them via phone or email using a specific reference number (serial 1483 of 23/12). The force maintained transparency regarding the breach scope while assuring stakeholders that critical law enforcement functions remained insulated from the website security failure. No operational service degradation or secondary system compromises were reported following the initial containment actions.