PSNI apology over data breach which revealed details about officers and civilian staff to public

The Police Service of Northern Ireland (PSNI) has apologised to its thousands of serving officers and civilian staff whose personal and employment data was compromised in a “significant” data breach. Northern Ireland Secretary Chris Heaton-Harris said he is “deeply concerned” by the data breach, while the Police Federation for Northern Ireland (PFNI) said its members are “appalled”. The incident happened when the PSNI responded to a Freedom of Information request seeking the number of officers and staff at all ranks and grades across the organisation.

In the published response to this request a table was embedded that contained the rank and grade data, but also included detailed information that attached the surname, initial, the location and the departments for all employees of the PSNI. The data was potentially viewable by the public for between 2.5 to three hours. Addressing the media in Belfast on Tuesday, Assistant Chief Constable Chris Todd apologised to officers for the “unacceptable” breach. He said that once it was brought to the PSNI’s attention it was taken down “quickly”, and that early indications were that this was a “simple human error”. Mr Todd also said there were no immediate security concerns, but they were monitoring the situation. “I understand that that will be of considerable concern to many of my colleagues and their families indeed, at the moment,” he said. “We operate in an environment at the moment where there’s a severe threat to our colleagues from Northern Ireland-related terrorism and this is the last thing that anybody in the organisation wants to be hearing this evening. “So, I owe it to all my colleagues to make sure that this is investigated thoroughly, and we’ve initiated that and will keep them informed, keep all the staff associations informed of that investigation, and we’ve been engaging with them throughout the afternoon. “The information was taken down very quickly but, nevertheless, I do appreciate the concern, of course we will seek to find the extent to which that has been viewed. “What I would say is that although the error was our own, once that information was out there if anybody did have access to it, I would ask them to delete it straight away.” The incident was first reported by the Belfast Telegraph, which reported that it viewed the uploaded material after it was contacted by a relative of a serving officer. Apart from the person who released the information, the PSNI was unaware the information had been released until they saw it on a website, Mr Todd confirmed. He said that despite the data only including surnames and initials, the breach will still be “of significant concern to many of my colleagues”. “We will ensure we do anything we can to mitigate any security risks that are identified.” He added: “We’ve looked into the circumstances, we’ll continue with our investigation, but the very early considerations are that this is simple human error and the people who have been involved in the process have acted in good faith. “We’ve identified some steps that we can take to ensure that it doesn’t happen again. “It is regrettable but it is simple human error.” Liam Kelly, chairman of the PFNI, said an urgent inquiry is needed into the “monumental” breach. “Even if it was done accidentally, it still represents a data and security breach that should never have happened,” he said. “Rigorous safeguards ought to have been in place to protect this valuable information which, if in the wrong hands, could do incalculable damage. “The men and women I represent are appalled by this breach. They are shocked, dismayed and justifiably angry. Like me, they are demanding action to address this unprecedented disclosure of sensitive information.” Politicians have reacted with shock – the SDLP’s policing spokesman Mark H Durkan called on PSNI Chief Constable Simon Byrne to make a statement. DUP MLA for South Antrim, Trevor Clarke, a member of the Northern Ireland Policing Board, said they would look for answers when it meets on Thursday, and pinned some blame on Mr Heaton-Harris.

Mr Todd said Police Chief Constable Mr Byrne is aware of the issue, but would not comment on whether he would return from his summer break to respond. “I’m the duty officer and I’m the senior information risk owner, so I take responsibility for this,” he said. A spokesman for the Information Commissioner’s Office said the PSNI “has made us aware of an incident and we are assessing the information provided”.

Want a quick and expert briefing on the biggest news stories? Listen to our latest podcasts to find out What You Need To Know.