The Police Service of Northern Ireland (PSNI) has suffered a significant data breach after a spreadsheet containing 32 different pieces of personal details of 10,799 current PSNI officers and civilian staff members was mistakenly published online. The data, which was published in response to a freedom of information request, included surnames, initials, ranks, grades, locations, and departments. The breach does not involve private addresses, according to reports. The information was available to the public for between two and a half to three hours before being taken down. The PSNI's assistant chief constable, Chris Todd, has apologised to officers and informed the Information Commissioner’s Office (ICO) of the breach. The Police Federation for Northern Ireland has called for an urgent inquiry and new safeguards to prevent a similar incident from occurring in the future.
To indicate the severity of the beach, the PSNI confirmed that a “Gold Group” has been convened to respond to the incident. As the PSNI's highest level of internal emergency response, Gold Groups are generally only assembled in cases of serious public disorder or a major incident requiring the oversight of the Assistant Chief Constable (ACC). In turn, the ACC reports to the Chief Constable and, when necessary, the national emergency committee COBRA in Whitehall.
According to the Belfast Telegraph, the impact of the breach is such that one officer has already had to move house: “As a serving police officer, my own family do not know what I do. I have had to move house and out of the town I lived as advised by senior officers for ‘security reasons’. I deleted social media accounts… now my full name and initials are widely available. It's a complete disaster”.
Reports (here (£) and here) indicate that other officers, especially those working with MI5, may have to change jobs or relocate to the mainland. Meanwhile, another report highlights that the terrorist threat in Northern Ireland was already at "severe" after John Caldwell was shot while off-duty by four masked men. This breach exposes officers like never before.
On Wednesday, the head of policing in Northern Ireland, Chief Constable Simon Byrne, cut short his family holiday to meet the Secretary of State for Northern Ireland. However, by Thursday morning, with the impact of the breach still unfolding, DUP MP Sammy Wilson called for Chief Constable Byrne to consider his position.
Then, in an early worst-case scenario, Chief Constable Byrne confirmed that dissident republicans had claimed to possess some of the information circulating on WhatsApp from the PSNI data breach. “We are advising officers and staff about how to deal with that and any further risk that they face,” said Byrne.
A special report shown by Channel 4 News covered the story, including an interview on air with Information Commissioner John Edwards by Krishnan Guru-Murthy, discussing the PSNI breach and also the Electoral Commission breach.
In a statement responding to the breach from the ICO, John Edwards said, "This incident raises serious concerns as it shows how even the smallest of human errors can have major consequences... Following the report received from the PSNI, we are investigating the matter. Whilst this is a matter of serious concern, we do not yet know the extent to which the personal information was accessed during the time it was exposed. We are working with the PSNI to establish the level of risk and mitigations."
That the situation isn't bad enough, reports of a second PSNI data breach have emerged involving the theft of a police-issued laptop and documents, including a spreadsheet of over 200 serving officers and staff, which occurred last month in Newtownabbey.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.