What is 'major data breach' that has left police federation 'appalled'?

UTV
psni
Data breach
Northern Ireland
Wednesday 9 August 2023 at 5:01pm

A major data breach has compromised the personal and employment details of thousands of Police Service of Northern Ireland (PSNI) officers and civilian staff.

The force’s Assistant Chief Constable Chris Todd apologised to his staff for the breach, which left the Police Federation of Northern Ireland (PFNI) “appalled”.

So what actually happened?

The breach occurred when the PSNI responded to a Freedom of Information request seeking the number of officers and staff at all ranks and grades across the organisation.

The data was then released and potentially able to be accessed by the public for between two and a half to three hours.

Mr Todd said the breach was a result of human error.

He said: “We’ve looked into the circumstances, we’ll continue with our investigation, but the very early considerations are that this is simple human error and the people who have been involved in the process have acted in good faith.

“We’ve identified some steps that we can take to ensure that it doesn’t happen again.”

The breach was taken down by the PSNI but Mr Todd asked anyone who has obtained the information to “delete it straight away.”

– How did the PSNI become aware of the breach?

Mr Todd said that, other than the person responsible for the breach, the PSNI were unaware it had occurred until they saw it online.

The Belfast Telegraph, who first reported on the breach, became aware of it after they were contacted by a relative of a serving officer.

– What information was released in the breach?

The response to the request was an embedded table that had the rank and grade data of all employees at the PSNI, including surnames, initials, the locations of their departments and what department they work in.

Mr Todd said: “It is limited to surname and initial only, so there’s no other personal identifiable information contained within the information that was published.”

– What does it mean for officers and civilian employees?

The breach could jeopardise the safety of officers.

When Mr Todd was asked if the information breached could be useful to terrorist organisations, he said it is of “significant concern”.

He added: “We operate in an environment at the moment where there’s a severe threat to our colleagues from Northern Ireland-related terrorism and this is the last thing that anybody in the organisation wants to be hearing this evening.”

The Democratic Unionist Party’s (DUP) Policing Board representative MLA Trevor Clarke said: “This not only jeopardises the safety of officers, but will further undermine morale within the organisation at a time when staff are holding the line amid unprecedented budget cuts.”

-Who has spoken about the data breach?

The Secretary of State for Northern Ireland Chris Heaton-Harris said he is “deeply concerned” about the data breach.

Meanwhile, the chairman of the PFNI Liam Kelly called it a breach of “monumental proportions”.

Alliance leader Naomi Long MLA has said the scale of the PSNI data breach reported on Tuesday evening is concerning.

Data and information in relation to thousands of officers has been mistakenly divulged in a case of “human error”.

Ms Long said immediate action must be taken.

“This level of data breach is clearly of profound concern, not least to police officers, civilian staff and their families, who will be feeling incredibly vulnerable and exposed tonight, and in the days ahead,” she said.

“Immediate action must be taken to offer them proper information, support, guidance and necessary reassurances regarding their and their families’ security.

“Whilst the personal data has now been removed, once such information has been published online, it leaves an indelible footprint.

“That such sensitive information could ever have been held in a manner open to such a breach is unconscionable and will require serious investigation; however, the most urgent issue is supporting those whose security has been compromised.”

The former justice minister added: “Alliance representatives on the Policing Board are seeking an urgent meeting of the board to be convened with PSNI senior management team to address this unprecedented security breach.”

The Ulster Unionist Party representative on the Policing Board of Northern Ireland, Mike Nesbitt MLA, has called for an Emergency Meeting of the Policing Board today.

“I have requested the Board call an Emergency Meeting tomorrow when the Board can hear directly from the PSNI’s Senior Executive Team,” he said.

“It is imperative that officers, staff and their families and friends understand how seriously this breach is being taken and that the Board is determined to fulfil its oversight and challenge functions appropriately.

“There are several issues here. First, ensuring those who now feel themselves at risk are given a realistic assessment of the implications of the data breach. Second, why was there no “fail safe” mechanism to prevent this information being uploaded. Third, there is the question of whether it was a genuine mistake and here, the principle of innocent until proven guilty applies.

“I view this like a serious incident when people are seriously physically injured. The priority is to assist the injured. Only after that do you turn to examine the other issues. In other words, my thoughts are with those whose names have been released into the public domain, who had a reasonable expectation this would never happen.”

The Social Democratic and Labour Party policing spokesman Mark H Durkan called on the PSNI Chief Constable to make a statement.

Want a quick and expert briefing on the biggest news stories? Listen to our latest podcasts to find out What You Need To Know.