Northern Ireland police expose details of all officers in ‘monumental’ data breach blaming 'human error'

9 August 2023, 06:44

By EJ Ward

The Police Service of Northern Ireland (PSNI) has issued an apology following a data breach that led to the inadvertent publication of information about all currently serving officers and staff members.

During a press conference held in Belfast, PSNI Assistant Chief Constable Chris Todd explained that the surname, initial, rank or grade, location, and department details of all active police officers were accidentally disclosed in response to a Freedom of Information (FOI) request.

Mr Todd stated: "Regarding the safety of individuals, there is currently no indication of immediate security threats. However, we have taken measures to be prepared in case any concerns arise. We are ready to respond and mitigate as needed."

He continued: "This situation resulted from human error. We have conducted a thorough examination of the circumstances and will persist with our investigation. Initial assessments suggest that this incident stems from a simple human error, and those involved in the process acted in good faith."

"We have identified specific measures to prevent a recurrence of such an incident. While regrettable, it boils down to a straightforward human mistake," he added.

Republican paramilitaries have directed their attention towards the police force in Northern Ireland, with the most recent assault occurring in February.

This spreadsheet contained the last names, initials, and additional information of over 10,000 individuals.

The data covered a wide spectrum of individuals within the PSNI, ranging from Chief Constable Simon Byrne and extending down the hierarchy.

Notably, this disclosure did not encompass any personal residential addresses.

Read more: August bank holiday weather: Will it be hot?

Read more: 'I've dreamed about this': Man wrongly jailed for 17 years 'haunted' by time in prison as he rejects police apology

Police officers in Northern Ireland were regularly attacked by republican paramilitary groups during the Troubles and members of the PSNI have also been targeted in gun and bomb attacks in the years following the Good Friday Agreement.

In February this year, senior PSNI officer Det Ch Insp John Caldwell was seriously injured in a shooting in Omagh, County Tyrone.

The following month, the terrorism threat level in Northern Ireland was raised from substantial to severe, meaning an attack is highly likely.

ACC Todd said the PSNI data had been available to the public for approximately two and a half to three hours before being removed.

"We believe it was uploaded about two thirty this afternoon. It came to my attention as the senior information risk owner at about 4pm this afternoon, with the co-operation of the host provider it was taken down within the hour," he said.

Northern Ireland Secretary Chris Heaton-Harris expressed his concern, remarking: "The data breach involving the PSNI troubles me deeply. My team is maintaining close communication with senior officers and providing me with updates."

A representative from the Information Commissioner's Office stated: "We have been informed of an incident by the Police Service of Northern Ireland and are currently evaluating the information provided."

The Police Federation has called for an urgent inquiry.

Liam Kelly, Chair of the Police Federation for Northern Ireland (PFNI), emphasised the need for a swift inquiry and voiced the PFNI members' dismay.

"This is an enormously significant breach. Even if accidental, it constitutes a breach of data security that should never have occurred," he asserted.

"The protection of this valuable information should have been fortified with robust safeguards. In the wrong hands, this data could lead to immeasurable harm. Our officers and staff are deeply disturbed by this breach. They are shaken, disheartened, and justifiably outraged. They, like me, are demanding decisive action to tackle this unparalleled exposure of sensitive information."

"We have colleagues who are dedicated to safeguarding their roles in law enforcement. Thankfully, the PSNI spreadsheet did not include personal home addresses; otherwise, we could be confronting a potentially catastrophic situation."

"The oversight of FOI procedures, if inadequate or lax, must be rectified promptly. It is clear that new safeguards are imperative to prevent any recurrence of this nature," he concluded.