Northern Ireland police data leak: Every PSNI officer has data compromised in ‘monumental’ breach due to human error
The Police Service of Northern Ireland (PSNI) has apologised for a self-inflicted security breach which has compromised the data of every serving officer and member of staff.
The service inadvertently published the information in response to a Freedom of Information (FOI) request on Tuesday.
The breach involved the surname, initials, the rank or grade, the work location and departments of all PSNI staff, but did not involve the officers’ and civilians’ private addresses.
It also reveals members of the organised crime unit, intelligence officers stationed at ports and airports, officers in the surveillance unit and almost 40 PSNI staff based at MI5’s headquarters in Holywood, the Belfast Telegraph reports.
PSNI officers have been the targets of republican paramilitaries in recent years and in March the terror threat level in Northern Ireland was raised to severe.
It comes just hours after the Electoral Commission revealed “hostile actors” managed to hack its systems, exposing the data of more than 40 million voters.
PSNI Assistant Chief Constable Chris Todd apologised for the latest breach, saying: “I’ve had to inform the Information Commissioner’s office of a significant data breach that we’re responsible for.
“This is unacceptable.”
He said it was a result of “human error” with the people involved in the process having “acted in good faith”.
Please use Chrome browser for a more accessible video player
‘Human error’ to blame for data breach
Mr Todd said the information was mistakenly made public for approximately two and a half to three hours after being published at 2.30pm on Tuesday afternoon.
The data breach was brought to his attention at 4pm and was then taken down within the hour.
He added the leak was “regrettable” and that steps had been identified to avoid a similar error from happening again.
Data breach plays into hands of those who deem officers of the crown legitimate targets
It would be difficult to exaggerate the scale of what the Police Federation is calling a “monumental” data breach.
Northern Ireland is the one part of the UK where the terror threat level has been raised from substantial to severe, meaning attacks are highly likely.
That threat comes from dissident Irish republicans, the self-styled New IRA in particular, a conglomerate of breakaway factions still pursuing Irish unity by violent means.
The release of the names and ranks of an estimated 10,000 serving police officers and civilian staff plays right into the hands of those who deem officers of the crown legitimate targets.
Earlier this year, the New IRA claimed responsibility for a gun attack on Detective Chief Inspector John Caldwell in Omagh – he was shot and seriously injured.
Police officers I’ve spoken to say they’re required to implement rigorous data protection protocols and are furious their own data has been breached.
Chief Constable Simon Byrne is under pressure to cut short his holiday and return to Northern Ireland.
Given that the security of his officers and their families should be his top priority, he would be wise to do so.
Read more on data breaches:
BA, BBC and Boots hit by cyber security breach
Sexual abuse survivor ‘appalled’ by London mayor’s office data breach
Capita admits data may have been accessed by hackers
Chris Heaton-Harris, the Northern Ireland Secretary, has said he is “deeply concerned” about the breach.
Writing on X (formerly Twitter), he said: “My officials are in close contact with senior officers and are keeping me updated.”
How did the breach occur?
Explaining how exactly the breach happened, Mr Todd said: “What’s happened is we’ve received a Freedom of Information request, that’s quite a routine inquiry, nothing untoward in that.
“We’ve responded to that request, which was seeking to understand the total numbers of officers and staff at all ranks and grade across the organisation, and in the response, unfortunately, one of our colleagues has embedded the source data, which informed that request.
“So, what was within that data was the surname, initial, the rank or grade, the location and the departments for each of our current employees across the police service.”
When asked how useful the information would be to terrorist organisations, Mr Todd said the breach is of “significant concern” to many colleagues and information on how they can protect their own personal security has been passed down.
Read more on police failings:
Six scandals the Met has faced in recent years
Trust in police at lowest level ever, watchdog warns
Catalogue of police failures that led to two murders
What will happen now?
The Information Commissioner’s Office (ICO) has been notified about the incident.
An ICO spokesperson said: “The Police Service of Northern Ireland has made us aware of an incident and we are assessing the information provided.”
The Belfast Telegraph initially reported the breach, after the newspaper was made aware of the spreadsheet by the relative of a member of police staff.
It reported the spreadsheet had the response to the FOI about police staffing numbers in one tab – with the source information mistakenly included in another.
What reaction has there been?
Liam Kelly, chair of the Police Federation for Northern Ireland (PFNI), described the security breach as “monumental”.
He added: “Even if it was done accidentally, it still represents a data and security breach that should never have happened.
“Rigorous safeguards ought to have been in place to protect this valuable information which, if in the wrong hands, could do incalculable damage.
“The men and women I represent are appalled by this breach. They are shocked, dismayed and justifiably angry. Like me, they are demanding action to address this unprecedented disclosure of sensitive information.
“We have many colleagues who do everything possible to protect their police roles.
“We’re fortunate that the PSNI spreadsheet didn’t contain officer and staff home addresses, otherwise we would be facing a potentially calamitous situation.”
The DUP’s Policing Board representative, MLA Trevor Clarke, said the extent of the data breach in the PSNI is “unprecedented” and “deeply alarming”.
He added: “The public will be rightly seeking answers and they deserve to see a robust response from the PSNI senior command.”
The UUP representative on the Policing Board of Northern Ireland, MLA Mike Nesbitt, has called for an emergency meeting to discuss the breach, while Alliance leader Naomi Long MLA said it was of “profound concern”.
It has become almost impossible to book a driving test on the government website due to bots on the booking system, driving instructors have told Sky News.
The only official way to book a practical car driving test is through the Driver and Vehicle Standards Agency (DVSA) website.
New test slots are released by the DVSA at 6am every Monday, but “no matter how fast I am, there’s nothing available”, said Aman Sanghera, a driving instructor based in west London.
Driving instructor Aman Sanghera wants ‘stronger oversight and regulation’ from the DVSA
When asked about the cause, she said: “All of the tests are taken by bots, they are definitely taking over the booking system.”
In this context, bots are automated software designed to mimic human behaviour and programmed to carry out actions like searching for and reserving driving test appointments on the official government website much faster than humans can.
Individuals and companies use bots to block-book driving test slots and then resell them at a profit, which is not illegal, although it is a violation of the DVSA’s terms of use.
Recent data shows the DVSA has closed over 800 business accounts for misuse of its booking service in the past two years.
It takes five months on average for a test in England – unless you pay a middleman
Ms Sanghera, who has been in the trade for over a decade, said the usage of bots started a few months ago “but is now getting out of hand”.
She said: “I’ve actually heard about driving instructors being approached by certain individuals to then take on their IDs to log in and to run this scam.
“I struggle to actually book a test for my students, which means that by the time my students are logging in, they’ve got no chance.”
Driving instructors can book driving tests on behalf of their pupils using a dedicated service, allowing them to bypass the general queue and potentially secure test slots more efficiently.
As a result, Ms Sanghera said students are “forced to go to third-party sites” to secure “the same test dates which are then available later on during the day at a premium rate of like £200-£300”.
She added: “Given that the DVSA is a government-regulated body, one would expect a more robust and fair system to ensure affordability and accessibility for all candidates.”
The long waiting lists and high demand for tests has led some to take advantage
The standard test fee is £62, offered by the DVSA, which is responsible for carrying out driving tests in Great Britain.
The biggest concern for the driving instructors Sky News has spoken to, including Ms Sanghera, is “the fact that students are being exploited”.
When Ahmed Ali struggled to find a practical test on the DVSA website, he turned to third-party sites – a decision he now regrets.
Ahmed Ali started looking for a test two years ago
He said: “I’ve spent about £650 on driving tests, and I’ve sat zero tests. I’ve given all this money to third-parties that look for cancellations so they could try to get you a faster test.”
But the 20-year-old said that despite making the payments, he “didn’t hear back from them again”, which is illegal.
“When you lose all that money, you get to a point where you can’t really afford to find another driving test,” he said.
“I just feel very frustrated because I’ve spent all this money, all this time into driving, and I haven’t sat a single driving test.”
Read more from Sky News:
Russell Brand charged with rape and sexual assault
Last UK blast furnaces days from closure
Ship owner files legal claim after North Sea crash
The DVSA urged applicants to only book tests via the official Gov.uk website and told Sky News it “deploys enhanced bot protection to help stop automated systems from buying up tests unfairly”.
“These applications, however, are constantly evolving and changing, and DVSA’s work on this is ongoing,” it said.
From Tuesday, the DVSA will require learner drivers to provide 10 full working days’ notice to change or cancel their car driving test without losing the test fee, up from the current three days.
Also part of the DVSA’s crackdown to reduce waiting times is a consultation expected to launch in spring 2025 “to streamline the driving test booking process” and “tighten terms and conditions”.
The last blast furnaces left operating in Britain could see their fate sealed within days, after their Chinese owners took the decision to cut off the crucial supply of ingredients keeping them running.
Jingye, the owner of British Steel in Scunthorpe, has, according to union representatives, cancelled future orders for the iron ore, coal and other raw materials needed to keep the furnaces running.
The upshot is that they may have to close next month – even sooner than the earliest date suggested for its closure.
Read more: Thousands of jobs at risk as British Steel consults unions over closure
The fate of the blast furnaces – the last two domestic sources of virgin steel, made from iron ore rather than recycled – is likely to be determined in a matter of days, with the Department for Business and Trade now actively pondering nationalisation.
The upshot is that even as Britain contends with a trade war across the Atlantic, it is now working against the clock to secure the future of steelmaking at Scunthorpe.
The talks between the government and Jingye broke down last week after the Chinese company, which bought British Steel out of receivership in 2020, rejected a £500m offer of public money to replace the existing furnaces with electric arc furnaces.
The sum is the same one it offered to Tata Steel, which has shut down the other remaining UK blast furnaces in Port Talbot and is planning to build electric furnaces – which have far lower carbon emissions.
These steel workers could soon be out of work
However, the owners argue that the amount is too little to justify extra investment at Scunthorpe, and said last week they were now consulting on the date of shutting both the blast furnaces and the attached steelworks.
Since British Steel is the main provider of steel rails to Network Rail – as well as other construction steels available from only a few sites in the world – the closure would leave the UK more reliant on imports for critical infrastructure sites.
However, since the site belongs to its Chinese owners, a decision to nationalise the site would involve radical steps government officials are wary of taking.
They also fear leaving taxpayers exposed to a potentially loss-making business for the long run.
The dilemma has been heightened by the sharp turn in geopolitical sentiment following Donald Trump’s return to the White House.
The incipient trade war and threatened cut in American support to Europe have sparked fresh calls for countries to act urgently to secure their own supplies of critical materials, especially those used for defence and infrastructure.
Read more:
Car manufacturers fined £461m for collusion
There were no winners from Trump’s tariff gameshow
Gareth Stace, head of UK Steel, the industry lobby group, said: “Talks seem to have broken down between government and British Steel.
“My advice to government is: please, Jonathan Reynolds, Business Secretary, get back round that negotiating table, thrash out a deal, and if a deal can’t be found in the next few days, then I fear for the very future of the sector, but also here for Scunthorpe steelworks.”
British Steel declined to comment.
-
Sports2 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports12 months agoStory injured on diving stop, exits Red Sox game
-
Sports1 year agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business3 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway