Personal details of more than a thousand crime victims leaked in another huge police data breach

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails

Sign up to our free breaking news emails

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Norfolk and Suffolk Police have admitted to a major data breach after it was revealed that the personal details of 1,230 people – including victims of crime and witnesses – were mistakenly included in Freedom of Information (FOI) responses.

The constabularies issued a joint statement explaining they had identified an issue with “a very small percentage” of responses to FOI requests for crime statistics between April 2021 and March 2022.

Raw data relating to crime reports was included in the FOI responses, including identifiable information on victims, witnesses, and suspects, as well as descriptions of offences.

“It related to a range of offences, including domestic incidents, sexual offences, assaults, thefts and hate crime,” the constabularies said in their joint statement.

The data was not obviously visible to anyone opening the files, but “it should not have been included”, the police forces said.

They added that the hidden data would not have been “immediately obvious” and anyone who had the FOI response would have “needed to know how to access the information”.

The police are currently notifying those whose data was breached, with a total of 1,230 people being contacted via mail, telephone or face-to-face depending on the severity of the breach.

“Within the notification, people will be provided with all the necessary information including what personal data specific to them has been impacted and details of who they can contact for support,” the statement read.

Assistant Chief Constable of Suffolk Police, Eamonn Bridger, apologised for the leak, adding that procedures for handling FoI requests made to the constabularies “are subject to continuous review to ensure that all data under the constabularies’ control is properly protected”.

The Information Commissioner’s Office (ICO) said it was currently investigating this breach as well as a separate breach reported in November last year.

Dame Vera Baird, the former victims’ commissioner, told The Independent that the breach was “appalling” and “shocking”. Dame Vera said she was not reassured by the police saying someone would have “needed to know how to access the information”.

“There are people who know how to access data once it’s out there, so the risk is obvious,” she said. “We don’t know if it is the worst-case scenario – we hope it won’t be – but it’s a tremble to public confidence.”

“Victims and witnesses are entitled to anonymity, so confidence is being breached. It can take a great deal of courage to come forward, so even the idea your details could be out there is very frighting. It could be a deterrent to people coming forward.”

While the breach involved statistics between April 2021 and March 2022, the former victims’ commissioner said the Crown Prosecution Service (CPS) would want to examine whether any ongoing cases had been compromised by the data breach. “They will be very anxious about victims frightened from coming [to court].”

She added: “You can’t exclude the possibility the IOPC [Independent Office for Police Conduct] or even the CPS would want to look at this, but we will have to wait and see just how serious it is.”

The Independent understands Suffolk and Norfolk approached IOPC about the data breach, but the organisation said there would have to be a formal complaint about an officer’s conduct before it could investigate. The CPS said it would not be commenting on the data breach.

This leak comes just days after a major data breach involving personal details of every officer of the Police Service of Northern Ireland (PSNI) triggered fears for their safety.

Deputy chief constable Chris Todd confirmed the names, ranks, and other personal data “for each of our current employees across the police service” had been mistakenly divulged in response to a “routine” FoI request.

The data was posted on the site WhatDoTheyKnow for a short period of time before being taken down. Mr Todd said the severe terrorist threat facing PSNI officers has made news of the extensive data breach “the last thing that anybody in the organisation wants to be hearing”.

PSNI chief constable Simon Byrne said he is confident that information on police officers and civilian staff mistakenly was in the hands of dissident republicans. At a press conference in Belfast, Mr Byrne said he believed they would use the information to intimidate and target police.

Alistair Carmichael MP, Liberal Democrats’ home affairs spokesperson, called on home secretary Suella Braverman to conduct an urgent review of data handling across all police forces.

“Two data breaches in less than two months is simply unacceptable,” he said. “These errors can have chilling real-life consequences, and it’s disturbing to think that it is becoming routine.”