LAST UPDATE | 9 Aug 2023
THE POLICE SERVICE of Northern Ireland has declared as a “critical incident” a major data breach which resulted in personal and employment data of all staff being published online.
Meanwhile, a second data breach has emerged after the PSNI confirmed the theft of documents, including a spreadsheet containing the names of more than 200 serving officers and staff, from a private vehicle last month.
Assistant Chief Constable Chris Todd said the service is investigating the circumstances surrounding the theft.
“The documents, along with a police issue laptop and radio, were believed to have been stolen from a private vehicle in the Newtownabbey area on 6 July,” said Todd.
“We have contacted the officers and staff concerned to make them aware of the incident and an initial notification has been made to the office of the Information Commissioner regarding the data breach.”
The second breach has been confirmed following an apology from the PSNI for a “critical incident” which affected some 10,000 officers and staff.
This breach occurred when the service responded to a Freedom of Information request seeking the number of officers and staff of all ranks and grades across the organisation.
In the published response to this request, a table was embedded which contained the rank and grade data, but also included detailed information that attached the surname, initial, location and departments for all PSNI employees.
The data was potentially viewable by the public for between 2.5 to three hours.
Speaking today, Assistant Chief Constable Chris Todd said the PSNI’s investigation into this breach is ongoing.
“I can confirm that, following a routine Freedom of Information (FoI) request data contained within a spreadsheet was published on a legitimate FoI website,” said Todd.
“This included the surname, initials, rank/grade, role and location of all serving officers and staff. This data was available to view on the website for a period of up to three hours before it was removed.”
Todd added that the PSNI is “acutely aware of the seriousness of this breach and have declared it to be a critical incident”.
“We are working hard to do everything we can to mitigate any risk. We are working with our security partners and organisations to investigate this incident.”
The PSNI Assistant Chief Constable added that updated personal security advice has been issued to all staff and an “emergency threat assessment group” has been established.
Todd also said that an Independent Advisor will conduct an “end to end review of our processes in order to understand what happened, how it happened and what we can do immediately to prevent such a breach happening in the future”.
Meanwhile, Todd said that PSNI Chief Constable Simon Byrne is cutting short a family holiday due to the “extremely serious situation” and confirmed that Byrne will attend tomorrow’s special sitting of the Northern Ireland Policing Board.
Liam Kelly, chairman of the Police Federation for Northern Ireland (PFNI) which represents rank and file officers, said he has been “inundated” with messages from officers who are “shocked, dismayed and basically angry”.
Our officers go to great lengths to protect their identities. Some of them don’t even tell their close friends and associates that they are actually in the police.”
Kelly told BBC Radio 4′s Today programme that in his 29 years in the police service, he has “never experienced something like this”.
Police in the region are under threat from terrorists, with the current assessed level of threat at severe, meaning an attack is highly likely.
Earlier this year, Chief Constable Simon Byrne said he received briefings almost every day about plots to attack and kill his officers, adding that the ongoing threat from dissident republicans remains a “real worry”.
Kelly said that legal action is “something we will consider once the investigation concludes” and that he is not willing to do a vote of no confidence in the chief constable “at this point”.
Speaking this evening, Kelly said that confirmation of a second data breach “makes matters worse”.
“Clearly, urgent answers are required. How did this happen? What steps were put in place to advise and safeguard so many colleagues? How did this actually happen?
“The major security breach was bad enough but this heaps further additional pressure on the PSNI to produce credible explanations around data security protocols and the impact on officer safety.”
Elsewhere, Northern Ireland Secretary Chris Heaton-Harris said he is “deeply concerned” and added that “senior officers are keeping me updated.”
Addressing the media in Belfast yesterday evening, PSNI Assistant Chief Constable Chris Todd apologised to officers for the “unacceptable” breach following the FOI request.
He said that, once it was brought to the PSNI’s attention, it was taken down “quickly”, and that early indications are it was a “simple human error”.
Todd also said there are no immediate security concerns, but the situation is being monitored.
“The information was taken down very quickly but, nevertheless, I do appreciate the concern, of course we will seek to find the extent to which that has been viewed,” he said.
“What I would say is that, although the error was our own, once that information was out there if anybody did have access to it I would ask them to delete it straight away.”
The incident was first reported by the Belfast Telegraph, which said it had viewed the uploaded material after being contacted by a relative of a serving officer.
Apart from the person who released the information, the PSNI was unaware of it until it was seen on a website, Todd confirmed.
He said that despite the data only including surnames and initials, the breach will still be “of significant concern to many of my colleagues”.
“We will ensure we do anything we can to mitigate any security risks that are identified.”
He added: “We’ve looked into the circumstances, we’ll continue with our investigation, but the very early considerations are that this is simple human error and the people who have been involved in the process have acted in good faith.
“We’ve identified some steps that we can take to ensure that it doesn’t happen again.
“It is regrettable but it is simple human error.”
Politicians have reacted with shock since the news of the breach came to light yesterday evening.
Sinn Féin vice president Michelle O’Neill described it as “very worrying”.
“I’m very mindful of the officers, the staff and their families at this time,” she said. “But we now need all the facts laid out bare for us all to see.”
She said she hoped accountability would be achieved in an emergency policing board meeting tomorrow.
Asked if Chief Constable Simon Byrne should step down over the data breach, O’Neill said: “I think the story is unfolding but what’s very clear is that we need to have this emergency policing board meeting… we need to see the reason why this happened… and there needs to be accountability around all of that.
Speaking to RTÉ’s Morning Ireland today, Alliance MLA and former Justice Minister Naomi Long has said a serious aspect of the breach is the “human and financial cost of what has happened”.
“There will have been officers, their families, members of civilian staff and their families, who will have spent a very uncomfortable night last night feeling exposed and vulnerable in a way that they previously didn’t,” Long said.
“There will be many officers whose name, rank and base where they work will already be in the public domain and for them, in some ways, this will not affect their level of security threat,” she said.
However, Long added that “for others, for civilian staff, for officers who work in particularly sensitive areas” and their families could feel “incredibly vulnerable”.
“This is an incredibly serious situation,” she said.
“While I understand that it is, if you like, simple human error that led to the breach, I think there are systemic failures that need to be properly investigated as to how a single individual could ever have been in a position to release that amount of data anywhere, in any shape or form, without proper checks,” Long added.
Doug Beattie, leader of the Ulster Unionist Party, said everyone should be concerned about the data breach.
“Until we know the full extent of this and the repercussions from it, I think we all need to keep some cool heads.
“But the most important thing here is to rally around those police officers and their families and civilian staff who are affected by this.
“And they’re the ones that we need to really focus on at this moment in time.”
Asked if the Chief Constable should resign over the matter, Beattie said: “I think it’s too early to be in the space to call for anybody to resign. But the more we get to know about this, the more we can make informed decisions.
“But right now, there’s no point doing speculation, it’s better getting the information.”
DUP MLA for South Antrim, Trevor Clarke, a member of the Northern Ireland Policing Board, said they would look for answers when it meets tomorrow, and pinned some blame on Heaton-Harris.
“The Secretary of State has presided over a budget, which is the worst that the police have ever had – they’ve looked to reduce numbers at a time they should’ve been increasing numbers,” he told BBC Radio 4’s World Tonight.
A spokesman for the Information Commissioner’s Office said the PSNI “has made us aware of an incident and we are assessing the information provided”.
Includes reporting by Press Association and Diarmuid Pepper
To embed this post, copy the code below on your site
have your say