Northern Ireland police data leak: Every PSNI officer has data compromised in ‘monumental’ breach due to human error
The Police Service of Northern Ireland (PSNI) has apologised for a self-inflicted security breach which has compromised the data of every serving officer and member of staff.
The service inadvertently published the information in response to a Freedom of Information (FOI) request on Tuesday.
The breach involved the surname, initials, the rank or grade, the work location and departments of all PSNI staff, but did not involve the officers’ and civilians’ private addresses.
It also reveals members of the organised crime unit, intelligence officers stationed at ports and airports, officers in the surveillance unit and almost 40 PSNI staff based at MI5’s headquarters in Holywood, the Belfast Telegraph reports.
PSNI officers have been the targets of republican paramilitaries in recent years and in March the terror threat level in Northern Ireland was raised to severe.
It comes just hours after the Electoral Commission revealed “hostile actors” managed to hack its systems, exposing the data of more than 40 million voters.
PSNI Assistant Chief Constable Chris Todd apologised for the latest breach, saying: “I’ve had to inform the Information Commissioner’s office of a significant data breach that we’re responsible for.
“This is unacceptable.”
He said it was a result of “human error” with the people involved in the process having “acted in good faith”.
Please use Chrome browser for a more accessible video player
‘Human error’ to blame for data breach
Mr Todd said the information was mistakenly made public for approximately two and a half to three hours after being published at 2.30pm on Tuesday afternoon.
The data breach was brought to his attention at 4pm and was then taken down within the hour.
He added the leak was “regrettable” and that steps had been identified to avoid a similar error from happening again.
Data breach plays into hands of those who deem officers of the crown legitimate targets
It would be difficult to exaggerate the scale of what the Police Federation is calling a “monumental” data breach.
Northern Ireland is the one part of the UK where the terror threat level has been raised from substantial to severe, meaning attacks are highly likely.
That threat comes from dissident Irish republicans, the self-styled New IRA in particular, a conglomerate of breakaway factions still pursuing Irish unity by violent means.
The release of the names and ranks of an estimated 10,000 serving police officers and civilian staff plays right into the hands of those who deem officers of the crown legitimate targets.
Earlier this year, the New IRA claimed responsibility for a gun attack on Detective Chief Inspector John Caldwell in Omagh – he was shot and seriously injured.
Police officers I’ve spoken to say they’re required to implement rigorous data protection protocols and are furious their own data has been breached.
Chief Constable Simon Byrne is under pressure to cut short his holiday and return to Northern Ireland.
Given that the security of his officers and their families should be his top priority, he would be wise to do so.
Read more on data breaches:
BA, BBC and Boots hit by cyber security breach
Sexual abuse survivor ‘appalled’ by London mayor’s office data breach
Capita admits data may have been accessed by hackers
Chris Heaton-Harris, the Northern Ireland Secretary, has said he is “deeply concerned” about the breach.
Writing on X (formerly Twitter), he said: “My officials are in close contact with senior officers and are keeping me updated.”
How did the breach occur?
Explaining how exactly the breach happened, Mr Todd said: “What’s happened is we’ve received a Freedom of Information request, that’s quite a routine inquiry, nothing untoward in that.
“We’ve responded to that request, which was seeking to understand the total numbers of officers and staff at all ranks and grade across the organisation, and in the response, unfortunately, one of our colleagues has embedded the source data, which informed that request.
“So, what was within that data was the surname, initial, the rank or grade, the location and the departments for each of our current employees across the police service.”
When asked how useful the information would be to terrorist organisations, Mr Todd said the breach is of “significant concern” to many colleagues and information on how they can protect their own personal security has been passed down.
Read more on police failings:
Six scandals the Met has faced in recent years
Trust in police at lowest level ever, watchdog warns
Catalogue of police failures that led to two murders
What will happen now?
The Information Commissioner’s Office (ICO) has been notified about the incident.
An ICO spokesperson said: “The Police Service of Northern Ireland has made us aware of an incident and we are assessing the information provided.”
The Belfast Telegraph initially reported the breach, after the newspaper was made aware of the spreadsheet by the relative of a member of police staff.
It reported the spreadsheet had the response to the FOI about police staffing numbers in one tab – with the source information mistakenly included in another.
What reaction has there been?
Liam Kelly, chair of the Police Federation for Northern Ireland (PFNI), described the security breach as “monumental”.
He added: “Even if it was done accidentally, it still represents a data and security breach that should never have happened.
“Rigorous safeguards ought to have been in place to protect this valuable information which, if in the wrong hands, could do incalculable damage.
“The men and women I represent are appalled by this breach. They are shocked, dismayed and justifiably angry. Like me, they are demanding action to address this unprecedented disclosure of sensitive information.
“We have many colleagues who do everything possible to protect their police roles.
“We’re fortunate that the PSNI spreadsheet didn’t contain officer and staff home addresses, otherwise we would be facing a potentially calamitous situation.”
The DUP’s Policing Board representative, MLA Trevor Clarke, said the extent of the data breach in the PSNI is “unprecedented” and “deeply alarming”.
He added: “The public will be rightly seeking answers and they deserve to see a robust response from the PSNI senior command.”
The UUP representative on the Policing Board of Northern Ireland, MLA Mike Nesbitt, has called for an emergency meeting to discuss the breach, while Alliance leader Naomi Long MLA said it was of “profound concern”.
Casinos sponsoring two Premier League clubs are accepting UK customers without a licence, putting club officers at risk of prosecution, Sky News has learned.
The gambling websites, BC.Game and DEBET, are the matchday shirt sponsors of Leicester City and Wolverhampton Wanderers, respectively.
But an investigation by anti-gambling advert campaigners, shared with Sky News, suggests the casinos have continued to accept UK customers – despite this becoming unlawful after they lost their licences to operate in the UK.
DEBET lost its licence on 15 May, while BC.Game lost its licence in December 2024.
Neither club has indicated that they intend to end the sponsorships, despite criticism from campaigners and warnings from the Gambling Commission.
With the end of the 2024/25 season this weekend, both clubs are now half-way through two-year sponsorship deals with the casinos – putting them in a difficult position for next season.
The campaign group Coalition to End Gambling Ads (CEGA) told Sky News it was able to make deposits on both gambling websites, despite the sites having no licence to accept UK customers.
CEGA also successfully deposited cash on Burnley FC sponsor 96.com. Burnley are due to be promoted to the Premier League next season.
The findings come one week after the Gambling Commission warned five football clubs, including Wolverhampton and Burnley, that their officers “may be liable to prosecution and, if convicted, face a fine, imprisonment or both if they promote unlicensed gambling businesses that transact with consumers in Great Britain”.
The Commission had issued a similar warning to Leicester City in February.
It made clear then that the clubs must either cut ties with the casinos or ensure they are not accessible to UK customers “by any means” – including virtual private networks (VPNs) – software used to hide a user’s real location.
Other than the need to use a VPN, CEGA director Will Prochaska says it “really wasn’t very difficult” to access the sites.
The Gambling Commission declined to be interviewed by Sky News, but said that “where we have evidence that meets the standard for criminal prosecution we will take appropriate action”.
Head of enforcement at the Commission John Pierce previously said the body would “conduct ongoing spot checks as necessary to ensure they are not accessible to consumers in Great Britain by any means”.
Mr Prochaska, however, said the Commission was taking “far too long” to take action.
“Far too many children, far too many football fans, are seeing these adverts every day,” he said. “It’s got to stop.”
Leicester City’s sponsor has had no UK licence for almost six months
The three sites that appear on the matchday shirts of Leicester, Wolves and Burnley were previously licensed by TGP Europe, a company based on the Isle of Man.
On 15 May, TGP Europe surrendered its UK gambling licence to avoid a £3.3m fine, leaving DEBET and 96.com unable to legally accept UK customers.
Leicester City sponsor BC.Game has been unlicensed in the UK since it parted ways with TGP Europe in December 2024 – almost six months ago.
Jamie Vardy celebrating scoring for Leicester City last December.
Pic: PA
Mr Prochaska said he contacted Leicester City on 13 March to alert them that BC.Game was still accepting UK customers.
“In fact, it was one of the easiest for me to gamble on – there were very few checks whatsoever,” he says. “But Leicester don’t seem to have done anything about it, and it’s still on the front of their shirts.”
Leicester City FC did not respond to a request for comment.
Sky News was able to sign up to every single site
Bournemouth, Fulham and Newcastle United are also sponsored by casinos that were formerly licensed by TGP Europe, but have been unlicensed since 15 May.
These casinos (bj88, SBOTOP and FUN88) are no longer able to legally accept UK customers.
However, Sky News was able to use a VPN to sign up to all three casinos, as well as those sponsoring Leicester City, Wolverhampton and Burnley.
On all six websites, Sky was able to access QR codes for making cryptocurrency deposits. Sky News did not attempt to make any deposits.
All six casinos are forbidden by law from accepting UK customers.
Yet Burnley sponsor 96.com allowed Sky News to sign up using a Telegram account registered to a UK phone number.
The other websites all required phone numbers to be entered upon registration, which could be used as an additional layer of security to filter out UK customers.
However, most of the websites did not check whether the phone number provided was genuine.
Only one website, Leicester City sponsor BC.Game, did check.
However, after confirming the phone number’s authenticity, BC.Game allowed registration to proceed – even though Sky News had provided a UK phone number.
Sky News presented these findings to the football clubs concerned, to TGP Europe and to the Gambling Commission, but did not receive any comment.
Anyone concerned about their gambling, or that of a loved one, can visit BeGambleAware.org for free, confidential advice and support, or The National Gambling Helpline is available on 0808 8020 133 and operates 24 hours a day, seven days a week.
The Data and Forensics team is a multi-skilled unit dedicated to providing transparent journalism from Sky News. We gather, analyse and visualise data to tell data-driven stories. We combine traditional reporting skills with advanced analysis of satellite images, social media and other open source information. Through multimedia storytelling we aim to better explain the world while also showing how our journalism is done.
Alan Yentob, the former BBC presenter and executive, has died aged 78.
A statement from his family, shared by the BBC, said Yentob died on Saturday.
His wife Philippa Walker said: “For Jacob, Bella and I, every day with Alan held the promise of something unexpected. Our life was exciting, he was exciting.
“He was curious, funny, annoying, late, and creative in every cell of his body. But more than that, he was the kindest of men and a profoundly moral man. He leaves in his wake a trail of love a mile wide.”
Read more on Sky News:
First renationalised train service starts
My week with Prince William, the quiet disruptor
Yentob joined the BBC as a trainee in 1968 and held a number of positions – including controller of BBC One and BBC Two, director of television, and head of music and art.
He was also the director of BBC drama, entertainment, and children’s TV.
Yentob launched CBBC and CBeebies, and his drama commissions included Pride And Prejudice and Middlemarch.
Alan Yentob (left) with former BBC director general Tony Hall in 2012. Pic: Reuters.
The TV executive was made a Commander of the Order of the British Empire (CBE) by the King in 2024 for services to the arts and media.
In a tribute, the BBC’s director-general Tim Davie said: “Alan Yentob was a towering figure in British broadcasting and the arts. A creative force and a cultural visionary, he shaped decades of programming at the BBC and beyond, with a passion for storytelling and public service that leave a lasting legacy.
“Above all, Alan was a true original. His passion wasn’t performative – it was personal. He believed in the power of culture to enrich, challenge and connect us.”
BBC Radio 4 presenter Amol Rajan described him on Instagram as “such a unique and kind man: an improbable impresario from unlikely origins who became a towering figure in the culture of post-war Britain.
“I commend his spirit to the living.”
A mother and three of her children who died in a house fire in northwest London have been named by police.
Warning: This article contains pictures of a fire in which people died
Detectives say Nusrat Usman, 43, Maryam Mikaiel, 15, Musa Usman, eight, and Raees Usman, four, died following the fire in Stonebridge, near Wembley, in the early hours of Saturday.
A woman in her 70s was taken to hospital but has since been released. A 13-year-old girl remains in hospital in a critical condition.
A 41-year-old man was arrested at the scene and has since been bailed. He was subsequently detained under the Mental Health Act.
The blaze gutted two homes in Stonebridge
Flowers and a blue teddy bear have been left near the scene, where crews wearing helmets and respiratory equipment were seen building scaffolding against the burnt-out buildings.
Neighbour Cecilia Marquis, 60, said she was “stunned by the devastation”.
“This will leave a devastating impact,” Ms Marquis, who witnessed the fire, said.
Witness Mohamed Labidi, 38, said he “can’t even look at the house right now”.
“We used to socialise together.
“They’re very good people, no problems on their side at all. It’s really shocking. It’s a really strong community here, we look after each other.”
A neighbour, who asked not to be named, said: “It’s horrible, we saw people running outside.
“It’s hard to process. I only just moved in, so it’s hard to think about it.”
Read more from Sky News:
Police officer fighting for life after on-duty traffic incident named
Premier League clubs at risk of legal action
Rayner says she ‘never’ wants to be Labour leader
Emergency services on the scene. Pic: PA
Eight fire engines and around 60 firefighters responded to the blaze, London Fire Brigade (LFB) said.
Two terrace houses, each with three floors, were severely damaged in the fire, which was under control by around 3.25am, the fire service added.
Superintendent Steve Allen, from the Met’s local policing team in northwest London, said: “Our thoughts go out to all those impacted by what has happened.
“Specialist officers are continuing to support the wider family who have asked for privacy at this deeply upsetting time.
“Local officers are working closely with officers from the Specialist Crime Command on what continues to be a very complex investigation.”
Mayor of London Sadiq Khan said in a post on X: “This is devastating news and my thoughts are with the family, friends and wider community of the four people who sadly have lost their lives.
“I remain in close contact with the London Fire Brigade and Metropolitan Police as they work to establish the cause of the fire and offer support to all those impacted.”
This breaking news story is being updated and more details will be published shortly.
Please refresh the page for the fullest version.
You can receive breaking news alerts on a smartphone or tablet via the Sky News app. You can also follow us on WhatsApp and subscribe to our YouTube channel to keep up with the latest news.
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports1 year agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business3 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway