Dear Certificate Holder,
Data relating to approximately 110,000 users held within
guntrader.uk has been published on the dark web.
The South West Regional Organised Crime Unit's Cyber Crime Unit, supported by the National Crime Agency are currently investigating the breach. The link to this data is no longer available and work is being done to understand who has viewed the data and identify those responsible for the breach.
Gun Trader have contacted the Information Commissioner to report the breach and have contacted all affected users.
The investigation to date has not highlighted any increased risk to any specific individual exposed by the data breach. However, the data breach heightens any potential risk by putting all of the data in a single place.
The data includes information supplied upon signing up to the website including, names, usernames, hashed passwords, addresses, email addresses and telephone numbers. A significant number of users are current Firearm / Shotgun / Registered Firearms Dealer certificate holders; however it is important to note that they are not recognisable from the data alone.
The National Crime Agency have cross referenced the leaked data against all persons who currently hold a live Firearm / Shotgun / Registered Firearms Dealer Certificates according to the National Firearms Licensing Management System (NFLMS). A list has been supplied to each individual police force nationally.
I am writing to you today to advise that your personal details have been identified as being held within the leaked data.
It would be sensible for you to review the advice provided below in relation to the security of any firearm(s) you possess and your general cyber security;
Firearms Licensing
-
Review your general security arrangements - The Firearms Security Handbook 2020, published by the Home Office is available
here.
§ Regularly check, maintain and use any
Alarm / CCTV system / Security lighting
§
Check your cabinet fixings - consider adding / replacing fixings or re-siting your cabinet(s) to a location which frustrates any attempt to open or fully remove the cabinet, such as a corner.
§ Ensure that you keep any
keys to your cabinet(s) in a place where they cannot be easily found. Criminals are aware of the habit of 'hiding' keys in a drawer, so think carefully about the hiding place. An option is to keep keys in a small combination safe. Another option is opt for a gun cabinet which uses a combination lock.
§
Consider splitting your guns across more than one cabinet located in different locations within your address, i.e. storing shotgun barrels in a separate cabinet. This helps to prevent the theft of any fully assembled, working firearm.
§ Should you wish for any specific security advice, please contact the unit by email -
FirearmsandExplosivesUnit@gmp.police.uk detailing your query. An Enquiry Officer will contact you to discuss.
-
Remain vigilant and report any suspicious activity to police - either
online, by phone on 101, or 999 in the case of an emergency
-
Should you wish to advertise any item held on your certificate(s), it would be advisable to use a different contact number to the one originally used to sign up to Gun Trader. This is due to the relative ease in identifying a current seller's address using the contact number as a unique identifier once in possession of the leaked data. Should you have any concerns in relation to any potential buyer, please contact the Firearms Licensing Unit -
FirearmsandExplosivesUnit@gmp.police.uk
Cyber Security
The following advice has been provided by GMP's Cyber Crime Unit. Although no financial information has been leaked from the Gun Trader website,
it is important to change your password on any other user accounts to which you use the same password.
As you have been identified as an affected customer of an organisation that has suffered a data breach you should take the following actions;
-
Check your online accounts to confirm there's been no unauthorised activity. Things to look out for include:
§ being unable to log into your accounts
§ changes to your security settings
§ messages or notifications sent from your account that you don't recognise
§ logins or attempted logins from strange locations or at unusual times
-
Be alert to suspicious messages, which may be sent some time
after the breach is made public. Remember, your bank (or any other official organisation) will never ask you to supply personal information. Things to look out for include:
§ official-sounding messages about 'resetting passwords', 'receiving compensation', 'scanning devices' or 'missed deliveries'
§ emails full of 'tech speak', designed to sound more convincing
§ being urged to act immediately or within a limited timeframe
- Also
be aware that you may receive a suspicious message that includes a password you've used in the past,
don't panic:
§ if this is a password that you still use, you should change it as soon as you can
§ if any of your other accounts use the same password, you should change them as well
§ for advice on creating strong passwords, visit
www.cyberaware.gov.uk
To check if your details have appeared in any other public data breaches, there are a number of online tools that you can use, such as
https://haveibeenpwned.com. Similar services are often included in antivirus or password manager tools that you may already be using.
For further information, visit The National Cyber Security Centre
here.
Kind Regards,
Alan Bates,
Firearms & Explosives Licensing Manager
GMP Firearms & Explosives Licensing Unit
Online
You can access many of our services online at
www.gmp.police.uk.
For emergencies only call 999, or 101 if it's a less urgent matter.
You can also connect with us on:
- Facebook: www.facebook.com/GtrManchesterPolice
Twitter: www.twitter.com/gmpolice
Instagram: www.instagram.com/gtrmanchesterpolice
Flickr: www.flickr.com/gmpolice1
YouTube: www.youtube.com/gmpolice
Pinterest: www.pinterest.co.uk/gmpolice
To find out what is happening in your area, visit
www.gmp.police.uk/a/your-area where you will be able to follow local social media accounts.
DISCLAIMER: This message and any attachment may contain information which is confidential or privileged. It is intended for the addressee(s) only. If you have received this message in error, notify the sender and delete it and any attachments without retaining a copy.
Unauthorised use or disclosure of the contact may be unlawful. Any opinions expressed may not be official policy.
Unless encrypted, internet email is not to be treated as a secure means of communication. Greater Manchester Police records and monitors all email activity and content and you are advised that any email you send may be subject to monitoring.
Thank you for your co-operation.
