A serious data leak has exposed the personal details of police officers and civilian personnel working at the Police Service of Northern Ireland (PSNI), it was confirmed on August 8.
The breach occurred following the accidental release of data within a spreadsheet following a Freedom of Information (FoI) request. This revealed the surnames and initials of current employees in the service, their rank or grade, and the location and department they work in.
This included highly sensitive areas like surveillance and intelligence, raising concerns around the safety of police officers and their families.
The list also includes individuals currently on career breaks.
The information was published on a FoI website, What Do They Know, at around 2.30pm BST on the afternoon of Tuesday 8 August. The information was shared in response to FoI request from a member of the public that asked: ‘Could you provide the number of officers each rank and number of staff at each grade?’
In addition to a numerical table, a large Excel spreadsheet document 10,799 lines long containing the sensitive information was made available in error. The spreadsheet was subsequently removed from the website two and a half hours later, at the request of the PSNI.
Senior Information Risk Owner, Assistant Chief Constable Chris Todd, emphasized that no other personal information was included in the leak, in a statement published by the PSNI.
“An initial notification has been made to the office of the Information Commissioner regarding the data breach,” he added.
“The matter is being fully investigated and a Gold structure is in place to oversee the investigation and consequences. It is actively being reviewed to identify any security issues.”
A Severe Data Breach
Addressing the incident in a press conference on August 8, Todd apologized for the leak and acknowledged it will be of “considerable concern” to serving police officers and their families.
“We’re operating in an environment at the moment where there’s a severe threat to our colleagues from Northern Ireland-related terrorism, and this is the last thing that anybody in the organization wants to hear at the moment,” he commented.
The UK government raised the threat level for Northern Ireland-related terrorism from ‘Substantial’ to ‘Severe’ in March 2023, which was due to a rise in the targeting of police officers in the region.
Speaking to Infosecurity, Jonathan Armstrong, partner at law firm Cordery, noted the “lasting consequences” of the breach on the lives of PSNI police officers. “Even if no-one comes to actual physical harm through the breach people will live – possibly forever – with the threat hanging over them,” he outlined.
Brian Honan, CEO at BH Consulting, told Infosecurity that it is probably the most serious data breach he has seen.
He explained: “The details exposed could pave the lives of the PSNI at serious risk either by criminal elements who may seek revenge against certain officers, or more worryingly the data being used by terrorists to target officers.”
Honan noted that the ability of officers working undercover or in intelligence to carry out their duties could now be severely disrupted.
No tags.
