'Ello ello ello. What's all this then?
Just days after it was learned that the police had exposed the details of their 10,000 staff in Northern Ireland, another force has admitted to an embarrassing breach of sensitive data.
Cumbria Police has admitted that it accidentally published on its website the names and salaries of all of its staff.
According to the force, the breach involving the pay and allowances of every police officer and staff member up until March 31 2022. Dates of birth and addresses were not released. As with the breach in Northern Ireland, "human error" has been blamed.
Cumbria Police says that the data breach was brought to its attention on March 6 2023, and removed from the website on the same day. What isn't clear, however, is how long the information was present on Cumbria Police's website.
Describing the impact of the breach as "low," Cumbria Police says that it has contacted every affected person, as well as the Information Commissioner's Office (ICO).
The ICO confirmed to The Register that it had been contacted by Cumbria Police about the incident in March, and that it had offered data protection advice to help the constabulary from suffering a similar incident in future. The ICO concluded that no further action was necessary.
In short it feels like the official line is "Nothing to see here, please move along."
Reaction to the breach at Northern Ireland's PSNI are nothing like as relaxed, with dissident republicans claiming to be in possession of the sensitive information about Northern Ireland officers, and even media reports that a redacted version of the leaked spreadsheet listing the names of officers was posted on a wall facing Sinn Fein's office in Belfast.
Some officers have said that they are moving their families out of Northern Ireland as a result of the data breach.
Cumbria Police's data breach does not seem anything like as dangerous as the one in Northern Ireland, but it does underline an ongoing concern as to just how easy it is for a blundering worker to share more information than they intended with the entire internet.
Organisations of all types need to put more technology, safeguards, and training in place to help prevent the accidental leaking of sensitive data or face the prospect of being hit by significant fines and compensation claims from those affected.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsNovember 14, 2024
September 06, 2024