Cyber Incident Victim: Guntrader

In July 2021, Guntrader.uk, a UK-based firearms sales platform, suffered a security breach resulting in the theft of approximately 100,000 customer records. The company discovered the incident on Monday, July 19, 2021, and promptly notified the UK Information Commissioner's Office. Attackers exfiltrated names and addresses of customers but did not access information detailing gun ownership or firearm storage locations. The stolen data was subsequently published on a dark web forum, exposing individuals potentially linked to firearm possession. The South West Regional Cyber Crime Unit (SWRCCU) led the criminal investigation, with support from the National Crime Agency, which confirmed collaboration with Guntrader.uk to assess the incident's impact. Company representative Simon Baseley stated this marked the first successful breach of their systems in 20 years of operation, noting no evidence of financial extortion attempts or politically motivated objectives behind the attack.

The data exposure raised immediate security concerns among affected gun owners, with one individual anonymously telling the BBC the breach compromised firearm security protocols and increased risks of criminal targeting against their family. UK firearms legislation mandates strict storage requirements, intensifying fears that leaked addresses could facilitate theft attempts. The British Association for Shooting and Conservation (BASC) issued public advisories urging members to reinforce home security, verify firearm storage compliance, and report suspicious activities to police. Law enforcement agencies reiterated existing security guidance for firearm certificate holders, emphasizing that most UK police forces conduct pre-licensing security inspections. Guntrader.uk coordinated with investigative agencies to mitigate consequences but confirmed no direct communication from threat actors regarding ransom demands or exploitation of the stolen data.