Cyber Incident Victim: Metropolitan Police Service
Date:
Jul 2019
Location:
United Kingdom
Summary
The Metropolitan Police experienced unauthorized access to their online news provider account, leading to compromised communications through bizarre tweets containing offensive language and references to specific individuals, as well as unusual emails distributed to subscribers. The breach affected the force's verified social media account and press bureau channels, prompting concerns over reliability during emergencies. Security measures were subsequently reviewed and modified, with initial assessments indicating the incident was confined to the third-party platform without broader system implications.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 19, 2019, at approximately 23:30 BST, the Metropolitan Police experienced unauthorized access to its digital communications systems. Attackers compromised the force’s verified Twitter account, which had over one million followers, posting a series of bizarre and offensive tweets. These included references to rapper Digga D and an apparent missing child, alongside links to fabricated press releases. Concurrently, the hackers sent a stream of unusual emails from the Met’s press bureau email account. The tweets, later deleted, contained offensive language and named several individuals. The Metropolitan Police confirmed the breach involved their third-party online news distribution provider, MyNewsDesk, which the force used to issue official news releases. Unauthorized messages appeared on the Met’s website, Twitter feed, and email subscriber lists during the incident.
The Met immediately initiated an investigation and began altering access arrangements to MyNewsDesk to prevent further compromise. A spokesperson stated they were confident the breach was limited to MyNewsDesk account access, with no broader security issues identified. The incident raised concerns about operational reliability, as BBC home affairs producer Daniel De Simone emphasized the public’s reliance on Met communications during emergencies like terror attacks. External figures, including US President Donald Trump and commentator Katie Hopkins, leveraged the breach to criticize London Mayor Sadiq Khan and the Met’s security posture, though the Mayor’s office declined to respond. The force continued working to determine the full scope of the intrusion while restoring control over its communications channels.