Data leak at Northern Ireland Police Service exposes info on 10,000 police officers and staff

A data breach at the Police Service of Northern Ireland (PSNI) unwittingly exposed details of over 10,000 personnel.

The names and ranks of nearly the entire police force in Northern Ireland were exposed, with a potentially devastating impact on the security of officers.

How the breach happened

According to the PSNI, the leak occurred following a routine FOI request from a member of the public filed on Aug. 3.

“Could you provide the number of officers at each rank and number of staff at each grade,” the inquiry read.

A Freedom of Information (FOI) request gives members of the public the right to ask about all recorded information held by any UK-wide public authority.

The data leak accidentally took place when the solicitant receive a large Excel spreadsheet released as part of the FOI request. It included names, initials, ranks, work locations and departments of all PSNI personnel.

The breach was the result of “simple human error” in response to a “routine” FOI request, Chris Todd, PSNI’s senior information risk owner, told the press in a news conference in Belfast earlier this week.

He later said that a PSNI staff member mistakenly added: “the surname, the initial, the rank or grade, the location and the department, for each of our current employees across the police service.”

“Although it was made available as a result of our own error, anyone who did access the information before it was taken down is responsible for what they do with it next. It is important that data anyone has accessed is deleted immediately,” Todd said.

Private addresses were not exposed, but sensitive info such as the roles of members of organized crime units, intelligence officers stationed at ports and airports, and officers at MI5’s headquarters were revealed, igniting fears for officers’ safety.

The data released under the FOI request, including the Excel spreadsheet, ended up on the What Do They Know platform – a website designed to help individuals submit a Freedom of Information request, which also publishes and archives requests and responses.

The data was exposed for about 2.5 hours, then was removed following a PSNI request.

Worried about your data ending up in a data leak database online?

Use Bitdefender Digital Identity Protection to scan the web for unauthorized leaks of personal data and monitor your accounts before disaster strikes.