×

Irish Information Security Forum

Major Leak of Very Sensitive Staff Information by PSNI

 

The Police Force of Northern Ireland has found itself responsible for an unprecedented and industrial scale data breach following a monumental leak of confidential and very sensitive staff information. 

 

The leak on July 6, 2023 involved mistakenly sharing a spreadsheet detailing the surnames and initials of all serving officers in the PSNI, plus civilian staff members on foot of a Freedom of Information (FoI) request. It listed their rank or grade, plus location and department in which they work. To make matters worse, everything which was provided under the FoI, including the spreadsheet, was then published on the FoI website, "What Do They Know". It was removed after two-and-a-half hours at the PSNI's request, once they became aware of it. The spreadsheet is 10,799 lines long.

 

PSNI Data Breach Logo

"I can confirm that, following a routine Freedom of Information (FoI) request, data contained within a spreadsheet was published on a legitimate FoI website.  This included the surname, initials, rank/grade, role and location of all serving officers and staff.  This data was available to view on the website for a period of up to three hours before it was removed."

Assistant Chief Constable Chris Todd

 

Government agencies, especially those tasked with upholding the law and protecting citizens, must maintain the highest standards of data security to ensure the public's confidence and prevent any misuse of information. This incident has raised questions about the efficacy of the existing data protection protocols within the Police Force of Northern Ireland and whether similar vulnerabilities exist in other institutions or across other departments in the PSNI.

 

Data breaches, whether accidental, systematic or malicious, can have far-reaching consequences. This unprecedented data leak, beyond the immediate privacy concerns, exposed information of huge value to bad actors that would facilitate direct harassment of staff across the entiore the organisation, and exposing them to serious personal danger and as well as the providing an avenue for compromising ongoing investigations. 

 

In response to the breach, the Police Force of Northern Ireland has issued an official apology and pledged to review and strengthen data security policies and systems. It is crucial that such measures are promptly and effectively put in place to rebuild trust and safeguard sensitive information. The PSNI may now also be open to claims of compensation and fines.

 

It is imperative for organizations, especially those entrusted with public safety, to continuously assess their processes, procedures and systems, educate their personnel, and invest in state-of-the-art cybersecurity measures. The accidental leak of this very sensitive staff information by the Police Force of Northern Ireland stands as a stark reminder of the consequences that can arise from lapses in data protection and serves as a call to action for increased vigilance and accountability.

Statement on the data breach investigation - 09 August 2023

PSNI Confidential Information data leak UPDATE

IISF Logo

If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:

By email:
secretary@iisf.ie

By post:

David Cahill

Information Security

GPO, 1-117
D01 F5P2

Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland

 


Forum SPONSORS 

Invitations for Annual Sponsorship of IISF has now reopened.

Sponsorship of IISF Opportunity
(your logo & profile link here)

 

Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more

 

secured by edgescan digital security radar logo

© iiSf. All rights reserved. CRN: 3400036GH  - Privacy  - Sponsorship  - Cybersecurity News Index  - Cybersecurity Resources  - X  - Produced by
LinkedIn Twitter