Every Police Officer in Northern Ireland Has Data Compromised in 'Monumental' Breach Due to Human Error
TEHRAN (Tasnim) – The Police Service of Northern Ireland (PSNI) has apologized for a self-inflicted security breach that has compromised the data of every serving officer and member of staff.
The service inadvertently published the information in response to a Freedom of Information (FOI) request on Tuesday, Sky News reported.
The breach involved the surname, initials, the rank or grade, the work location and departments of all PSNI staff, but did not involve the officers' and civilians' private addresses.
It also reveals members of the organized crime unit, intelligence officers stationed at ports and airports, officers in the surveillance unit and almost 40 PSNI staff based at MI5's headquarters in Holywood, the Belfast Telegraph reports.
PSNI officers have been the targets of republican paramilitaries in recent years and in March the terror threat level in Northern Ireland was raised to severe.
PSNI Assistant Chief Constable Chris Todd apologized for the breach, saying: "I've had to inform the Information Commissioner's office of a significant data breach that we're responsible for.
"This is unacceptable."
He said it was a result of "human error" with the people involved in the process having "acted in good faith".
Todd said the information was mistakenly made public for approximately two and a half to three hours after being published at 2.30pm on Tuesday afternoon.
The data breach was brought to his attention at 4pm and was then taken down within the hour.
He added the leak was "regrettable" and that steps had been identified to avoid a similar error from happening again.
Chris Heaton-Harris, the Northern Ireland Secretary, has said he is "deeply concerned" about the breach.
Writing on X (formerly Twitter), he said: "My officials are in close contact with senior officers and are keeping me updated."
Explaining how exactly the breach happened, Todd said: "What's happened is we've received a Freedom of Information request, that's quite a routine inquiry, nothing untoward in that.
"We've responded to that request, which was seeking to understand the total numbers of officers and staff at all ranks and grade across the organization, and in the response, unfortunately, one of our colleagues has embedded the source data, which informed that request.
"So, what was within that data was the surname, initial, the rank or grade, the location and the departments for each of our current employees across the police service."
When asked how useful the information would be to terrorist organizations, Todd said the breach is of "significant concern" to many colleagues and information on how they can protect their own personal security has been passed down.
The Information Commissioner's Office (ICO) has been notified about the incident.
An ICO spokesperson said: "The Police Service of Northern Ireland has made us aware of an incident and we are assessing the information provided."
The Belfast Telegraph initially reported the breach, after the newspaper was made aware of the spreadsheet by the relative of a member of police staff.
It reported the spreadsheet had the response to the FOI about police staffing numbers in one tab - with the source information mistakenly included in another.
The Information Commissioner's Office (ICO) has been notified about the incident.
An ICO spokesperson said: "The Police Service of Northern Ireland has made us aware of an incident and we are assessing the information provided."
The Belfast Telegraph initially reported the breach, after the newspaper was made aware of the spreadsheet by the relative of a member of police staff.
It reported the spreadsheet had the response to the FOI about police staffing numbers in one tab - with the source information mistakenly included in another.
Liam Kelly, chair of the Police Federation for Northern Ireland (PFNI), described the security breach as "monumental".
He added: "Even if it was done accidentally, it still represents a data and security breach that should never have happened.
"Rigorous safeguards ought to have been in place to protect this valuable information which, if in the wrong hands, could do incalculable damage.
"The men and women I represent are appalled by this breach. They are shocked, dismayed and justifiably angry. Like me, they are demanding action to address this unprecedented disclosure of sensitive information.
"We have many colleagues who do everything possible to protect their police roles.
"We're fortunate that the PSNI spreadsheet didn't contain officer and staff home addresses, otherwise we would be facing a potentially calamitous situation."
The DUP's Policing Board representative, MLA Trevor Clarke, said the extent of the data breach in the PSNI is "unprecedented" and "deeply alarming".
He added: "The public will be rightly seeking answers and they deserve to see a robust response from the PSNI senior command."
The UUP representative on the Policing Board of Northern Ireland, MLA Mike Nesbitt, has called for an emergency meeting to discuss the breach, while Alliance leader Naomi Long MLA said it was of "profound concern".