The Metropolitan Police is investigating a possible data breach after “unauthorised access” was gained to the systems of one of its suppliers.
The force said the company held names, ranks, photos, vetting levels, and pay numbers for officers and staff, and that it was working to understand what data, if any, had been accessed.
It said it had also taken additional “security measures”.
The force’s staff association said the breach will cause “concern and anger”.
A spokesperson for the Met was unable to say when the breach occurred or how many personnel might have been affected, but added that the company in question did not hold personal information such as addresses, phone numbers, or financial details.
The incident has been reported to the National Crime Agency (NCA) and the information commissioner.
Rick Prior, vice chair of the Metropolitan Police Federation, which represents more than 30,000 officers in the force, said that any compromised information could, in the wrong hands, “do incalculable damage”.
“Metropolitan Police officers are – as we speak – out on the streets of London undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe,” he said.
“To have their personal details potentially leaked out into the public domain in this manner – for all to possibly see – will cause colleagues incredible concern and anger.
“We will be working with the force to mitigate the dangers and risks that this disclosure could have on our colleagues.
“And [we] will be holding the Metropolitan Police to account for what has happened.”
Former Met Ch Supt Dal Babu told BBC News the breach could be more of a concern for ethnic minority officers.
“If you’re from a minority background and your name has been obtained by a criminal network, they’re more likely to be able to find you because those names are unusual and it’s easier to find on the internet where you are, what you’re doing,” said Mr Babu, who was one of the UK’s most senior ethnic minority police officers.
“Whereas if you’ve got a name, for example John Smith, then you could be one of the thousands of John Smiths,” he added.
He went on to say that some officers would be concerned by the data breach, and gave the theoretical example of an ethnic minority officer with an unusual name – who could be in counter-terrorism or working undercover – who could potentially be more easily identified.
A spokesperson for the NCA said the agency was “aware of the cyber incident” and “working with law enforcement partners to understand the impact”.
The breach comes just weeks after the Police Service of Northern Ireland (PSNI) admitted it had mistakenly published personal information about all its 10,000 staff.
The force said the surname and first initial of all police and civilian personnel, their rank or grade, where they were based, and their unit were released in response to a Freedom of Information (FoI) request.
Norfolk and Suffolk Police later announced it had mistakenly released information about more than 1,200 people, including victims and witnesses of crime, also following an FoI request.
Last week, South Yorkshire Police referred itself to the information commissioner after “a significant and unexplained reduction” in data such as bodycam footage stored on its systems, a loss which it said could affect some 69 cases.