Explained: the PSNI's four data losses in 2023 and the fallout from them

UTV
psni
Data breach
Explainer
Tuesday 22 August 2023 at 11:30am

The PSNI has been rocked by what Chief Constable Simon Byrne described as an "industrial scale" data breach.

There have also been a series of other information losses which have embarrassed the organisation and shattered both public and staff confidence in the force.

Personal details of every serving officer, including some involved in undercover work, and member of civilian staff were accidentally posted online by the organisation at the beginning of August. Over 10,000 people were affected in what is the biggest security breach in UK policing history.

But that wasn't the first data breach to hit the PSNI in recent months. It wasn't even the second or third.

There have been four reported losses of data by the PSNI in 2023. In this UTV explainer, we walk through each of them in turn.

April - Sensitive document lost during Presidential visit

During US president Joe Biden's visit to Northern Ireland in April, a document marked 'PSNI and sensitive' was lost in Belfast city centre.

It is understood that the the document contained details of officer deployments for the large-scale security operation surrounding the visit to NI.

The operation was one of the largest in NI policing history, with 300 extra officers drafted in from the rest of the UK.

At the time, a PSNI spokesperson confirmed they were aware of the security breach, and had begun an investigation.

They added that the PSNI "take the safety of visiting dignitaries, members of the public and our officers and staff extremely seriously and will put the appropriate actions in place".July 6 - Laptop, radio and documents stolen from car

In July, a number of items were stolen from a private car in Newtownabbey.

Contained among the stolen items were spreadsheets containing the names of more than 200 serving officers and staff.

The PSNI said they were treating the theft "extremely seriously", and had notified officers and staff impacted by it.

While the theft occured in early July, it was not reported to the PSNI's information security unit until July 27, and the Information Commissioner was not told until July 31.

Officers and staff did not find out about this breach until August 4.

Policing Board member Mike Nesbitt MLA said that the "timelines" of the reporting of this breach by the PSNI "do not make sense to me", and wrtoe to the Chief Constable about the matter.

The public did not find out about this incident until after the third breach in early August.

August 8 - Details of all officers and staff posted online

In the most serious and wide-ranging of the breaches, a spreadsheet containing detailed information of all members of the PSNI was posted online.

The incident happened when the PSNI responded to a Freedom of Information request seeking the number of officers and staff of all ranks and grades across the organisation.

In the published response to this request a table was embedded which contained the rank and grade data, but also included detailed information that attached the surname, initial, location and departments for all PSNI employees.

The data was potentially visible to the public for between two-and-a-half to three hours. It was then taken down.

The information on more than 10,000 staff has since been spread widely, including to dissident republicans.

News of the breach was greeted with concern by officers and their representatives, who feared of risks to their safety from terrorists and organised crime.

Hundreds of members of staff have contacted a group set up for those concerned about risk following the breach.

The information has already been used to try and intimidate members of the policing board.

Material, from the leaked report, was posted on a wall facing the Sinn Féin offices. A picture of the SF MLA and Policing Board member Gerry Kelly was also posted to the wall along with a threatening message.

Chief Constable Simon Byrne flew home from a family holiday early to answer questions from the policing board, and to reassure staff.

The PSNI have apologised to their staff for the breach, and are investigating people

As of late August, one man has been charged with possession of documents likely to be useful to terrorists, in connection with the breach.

UTV understands that by Friday August 18, nearly half of the PSNI's staff had contacted the Police Federation over potential damages relating to the leak.

17 August - Notebook and laptop fall from car

In the latest data breach to hit the organisation, a police laptop and notebook fell off of a moving car.

It is believed the incident happened on the foreshore stretch of the M2 Motorway.

The Assistant Chief Constable Chris Todd said that the laptop was deactivated and recovered.

However, at the time, sections of the notebook were lost.

Police confirmed that missing sections of that notebook contained details of 42 officers and staff.

Want a quick and expert briefing on the biggest news stories? Listen to our latest podcasts to find out What You Need To Know.