PSNI apologises to officers and civilian staff after ‘monumental’ data breach

Assistant Chief Constable Chris Todd said the data breach appeared to be the result of ‘simple human error’.
Police Service of Northern Ireland Assistant Chief Constable Chris Todd told the media the data breach was down to human error (Rebecca Black/PA Wire)
PA Wire
Pa Reporters8 August 2023

The Police Service of Northern Ireland (PSNI) has apologised to its thousands of serving officers and civilian staff whose personal and employment data was compromised in a “significant” data breach.

Northern Ireland Secretary Chris Heaton-Harris said he is “deeply concerned” by the data breach, while the Police Federation for Northern Ireland (PFNI) said its members are “appalled”.

The incident happened when the PSNI responded to a Freedom of Information request seeking the number of officers and staff at all ranks and grades across the organisation.

In the published response to this request a table was embedded that contained the rank and grade data, but also included detailed information that attached the surname, initial, the location and the departments for all employees of the PSNI.

The data was potentially viewable by the public for between 2.5 to three hours.

Addressing the media in Belfast on Tuesday, Assistant Chief Constable Chris Todd apologised to officers for the “unacceptable” breach.

He said that once it was brought to the PSNI’s attention it was taken down “quickly”, and that early indications were that this was a “simple human error”.

Mr Todd also said there were no immediate security concerns, but they were monitoring the situation.

“I understand that that will be of considerable concern to many of my colleagues and their families indeed, at the moment,” he said.

“We operate in an environment at the moment where there’s a severe threat to our colleagues from Northern Ireland-related terrorism and this is the last thing that anybody in the organisation wants to be hearing this evening.

“So, I owe it to all my colleagues to make sure that this is investigated thoroughly, and we’ve initiated that and will keep them informed, keep all the staff associations informed of that investigation, and we’ve been engaging with them throughout the afternoon.

“The information was taken down very quickly but, nevertheless, I do appreciate the concern, of course we will seek to find the extent to which that has been viewed.

“What I would say is that although the error was our own, once that information was out there if anybody did have access to it, I would ask them to delete it straight away.”

The incident was first reported by the Belfast Telegraph, which reported that it viewed the uploaded material after it was contacted by a relative of a serving officer.

Apart from the person who released the information, the PSNI was unaware the information had been released until they saw it on a website, Mr Todd confirmed.

He said that despite the data only including surnames and initials, the breach will still be “of significant concern to many of my colleagues”.

“We will ensure we do anything we can to mitigate any security risks that are identified.”

He added: “We’ve looked into the circumstances, we’ll continue with our investigation, but the very early considerations are that this is simple human error and the people who have been involved in the process have acted in good faith.

“We’ve identified some steps that we can take to ensure that it doesn’t happen again.

“It is regrettable but it is simple human error.”

Liam Kelly, chairman of the PFNI, said an urgent inquiry is needed into the “monumental” breach.

“Even if it was done accidentally, it still represents a data and security breach that should never have happened,” he said.

“Rigorous safeguards ought to have been in place to protect this valuable information which, if in the wrong hands, could do incalculable damage.

“The men and women I represent are appalled by this breach. They are shocked, dismayed and justifiably angry. Like me, they are demanding action to address this unprecedented disclosure of sensitive information.”

Politicians have reacted with shock – the SDLP’s policing spokesman Mark H Durkan called on PSNI Chief Constable Simon Byrne to make a statement.

DUP MLA for South Antrim, Trevor Clarke, a member of the Northern Ireland Policing Board, said they would look for answers when it meets on Thursday, and pinned some blame on Mr Heaton-Harris.

“The Secretary of State has presided over a budget, which is the worst that the police have ever had – they’ve looked to reduce numbers at a time they should’ve been increasing numbers,” he told BBC Radio 4’s World Tonight.

Mr Todd said Mr Byrne is aware of the issue, but would not comment on whether he would return from his summer break to respond.

“I’m the duty officer and I’m the senior information risk owner, so I take responsibility for this,” he said.

A spokesman for the Information Commissioner’s Office said the PSNI “has made us aware of an incident and we are assessing the information provided”.

Create a FREE account to continue reading

eros

Registration is a free and easy way to support our journalism.

Join our community where you can: comment on stories; sign up to newsletters; enter competitions and access content on our app.

Your email address

Must be at least 6 characters, include an upper and lower case character and a number

You must be at least 18 years old to create an account

* Required fields

Already have an account? SIGN IN

By clicking Create Account you confirm that your data has been entered correctly and you have read and agree to our Terms of use , Cookie policy and Privacy policy .

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in