UK

Northern Ireland police data leak: Every PSNI officer has data compromised in ‘monumental’ breach due to human error

Published

on

The Police Service of Northern Ireland (PSNI) has apologised for a self-inflicted security breach which has compromised the data of every serving officer and member of staff.

The service inadvertently published the information in response to a Freedom of Information (FOI) request on Tuesday.

The breach involved the surname, initials, the rank or grade, the work location and departments of all PSNI staff, but did not involve the officers’ and civilians’ private addresses.

It also reveals members of the organised crime unit, intelligence officers stationed at ports and airports, officers in the surveillance unit and almost 40 PSNI staff based at MI5’s headquarters in Holywood, the Belfast Telegraph reports.

PSNI officers have been the targets of republican paramilitaries in recent years and in March the terror threat level in Northern Ireland was raised to severe.

It comes just hours after the Electoral Commission revealed “hostile actors” managed to hack its systems, exposing the data of more than 40 million voters.

PSNI Assistant Chief Constable Chris Todd apologised for the latest breach, saying: “I’ve had to inform the Information Commissioner’s office of a significant data breach that we’re responsible for.

“This is unacceptable.”

He said it was a result of “human error” with the people involved in the process having “acted in good faith”.

Please use Chrome browser for a more accessible video player

‘Human error’ to blame for data breach

Mr Todd said the information was mistakenly made public for approximately two and a half to three hours after being published at 2.30pm on Tuesday afternoon.

The data breach was brought to his attention at 4pm and was then taken down within the hour.

He added the leak was “regrettable” and that steps had been identified to avoid a similar error from happening again.

Data breach plays into hands of those who deem officers of the crown legitimate targets



David Blevins

Senior Ireland correspondent

@skydavidblevins

It would be difficult to exaggerate the scale of what the Police Federation is calling a “monumental” data breach.

Northern Ireland is the one part of the UK where the terror threat level has been raised from substantial to severe, meaning attacks are highly likely.

That threat comes from dissident Irish republicans, the self-styled New IRA in particular, a conglomerate of breakaway factions still pursuing Irish unity by violent means.

The release of the names and ranks of an estimated 10,000 serving police officers and civilian staff plays right into the hands of those who deem officers of the crown legitimate targets.

Earlier this year, the New IRA claimed responsibility for a gun attack on Detective Chief Inspector John Caldwell in Omagh – he was shot and seriously injured.

Police officers I’ve spoken to say they’re required to implement rigorous data protection protocols and are furious their own data has been breached.

Chief Constable Simon Byrne is under pressure to cut short his holiday and return to Northern Ireland.

Given that the security of his officers and their families should be his top priority, he would be wise to do so.

Read more on data breaches:
BA, BBC and Boots hit by cyber security breach
Sexual abuse survivor ‘appalled’ by London mayor’s office data breach
Capita admits data may have been accessed by hackers

Chris Heaton-Harris, the Northern Ireland Secretary, has said he is “deeply concerned” about the breach.

Writing on X (formerly Twitter), he said: “My officials are in close contact with senior officers and are keeping me updated.”

How did the breach occur?

Explaining how exactly the breach happened, Mr Todd said: “What’s happened is we’ve received a Freedom of Information request, that’s quite a routine inquiry, nothing untoward in that.

“We’ve responded to that request, which was seeking to understand the total numbers of officers and staff at all ranks and grade across the organisation, and in the response, unfortunately, one of our colleagues has embedded the source data, which informed that request.

“So, what was within that data was the surname, initial, the rank or grade, the location and the departments for each of our current employees across the police service.”

When asked how useful the information would be to terrorist organisations, Mr Todd said the breach is of “significant concern” to many colleagues and information on how they can protect their own personal security has been passed down.

Read more on police failings:
Six scandals the Met has faced in recent years
Trust in police at lowest level ever, watchdog warns
Catalogue of police failures that led to two murders

What will happen now?

The Information Commissioner’s Office (ICO) has been notified about the incident.

An ICO spokesperson said: “The Police Service of Northern Ireland has made us aware of an incident and we are assessing the information provided.”

The Belfast Telegraph initially reported the breach, after the newspaper was made aware of the spreadsheet by the relative of a member of police staff.

It reported the spreadsheet had the response to the FOI about police staffing numbers in one tab – with the source information mistakenly included in another.

What reaction has there been?

Liam Kelly, chair of the Police Federation for Northern Ireland (PFNI), described the security breach as “monumental”.

He added: “Even if it was done accidentally, it still represents a data and security breach that should never have happened.

“Rigorous safeguards ought to have been in place to protect this valuable information which, if in the wrong hands, could do incalculable damage.

“The men and women I represent are appalled by this breach. They are shocked, dismayed and justifiably angry. Like me, they are demanding action to address this unprecedented disclosure of sensitive information.

“We have many colleagues who do everything possible to protect their police roles.

“We’re fortunate that the PSNI spreadsheet didn’t contain officer and staff home addresses, otherwise we would be facing a potentially calamitous situation.”

The DUP’s Policing Board representative, MLA Trevor Clarke, said the extent of the data breach in the PSNI is “unprecedented” and “deeply alarming”.

He added: “The public will be rightly seeking answers and they deserve to see a robust response from the PSNI senior command.”

The UUP representative on the Policing Board of Northern Ireland, MLA Mike Nesbitt, has called for an emergency meeting to discuss the breach, while Alliance leader Naomi Long MLA said it was of “profound concern”.

Trending

Exit mobile version