Commissioner Sir Mark Rowley reassured his 47,000 officers and support workers that personal details were not subject to the IT breach at a company which produces warrant cards and passes.
But The Sun on Sunday can reveal an initial survey of data held by Stockport-based Digital ID from 2,000 Met workers shows, in some cases, hackers could get home addresses.
The ransomeware attack came after new warrant cards and passes were produced in a scheme, codenamed Operation Fortress, to improve security.
Many officers complained news of the bungle was posted on an internal intranet over a Bank Holiday weekend instead of sent to them in emails.
This meant they found out only by reading our exclusive about the hack.
Sir Mark apologised and wrote a personal message saying: “Whilst it does not include the most personal data such as addresses or financial data, this breach I know causes wider concern.”
A review of all data held on the Met by the firm is now being carried out.
It is thought hackers were blackmailers rather than terrorists, and that the Met plans to personally tell staff whose home location may be compromised.
Ex-Met commander John O’Connor said: “The hack has put officers at risk, particularly those involved in undercover work. I can’t believe the Met could be so careless.”
The National Crime Agency is leading the probe, supported by the National Cyber Security Centre.
The Met said it was a “complex incident” and added: “Our understanding of what data may be at risk is evolving.
"We are working with technical specialists and keeping staff informed.”
Other police forces, government departments and major companies also used Digital ID.
But it is believed that, rather than sharing information, they used printing equipment supplied by the firm.