Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

PSNI apologises to officers and civilian staff after ‘monumental’ data breach

Assistant Chief Constable Chris Todd said the data breach appeared to be the result of ‘simple human error’.

PA Reporters
Wednesday 09 August 2023 06:09 BST
Police Service of Northern Ireland Assistant Chief Constable Chris Todd told the media the data breach was down to human error (Rebecca Black/PA Wire)
Police Service of Northern Ireland Assistant Chief Constable Chris Todd told the media the data breach was down to human error (Rebecca Black/PA Wire) (PA Wire)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The Police Service of Northern Ireland (PSNI) has apologised to its thousands of serving officers and civilian staff whose personal and employment data was compromised in a “significant” data breach.

Northern Ireland Secretary Chris Heaton-Harris said he is “deeply concerned” by the data breach, while the Police Federation for Northern Ireland (PFNI) said its members are “appalled”.

The incident happened when the PSNI responded to a Freedom of Information request seeking the number of officers and staff at all ranks and grades across the organisation.

In the published response to this request a table was embedded that contained the rank and grade data, but also included detailed information that attached the surname, initial, the location and the departments for all employees of the PSNI.

The data was potentially viewable by the public for between 2.5 to three hours.

Addressing the media in Belfast on Tuesday, Assistant Chief Constable Chris Todd apologised to officers for the “unacceptable” breach.

He said that once it was brought to the PSNI’s attention it was taken down “quickly”, and that early indications were that this was a “simple human error”.

Mr Todd also said there were no immediate security concerns, but they were monitoring the situation.

“I understand that that will be of considerable concern to many of my colleagues and their families indeed, at the moment,” he said.

“We operate in an environment at the moment where there’s a severe threat to our colleagues from Northern Ireland-related terrorism and this is the last thing that anybody in the organisation wants to be hearing this evening.

“So, I owe it to all my colleagues to make sure that this is investigated thoroughly, and we’ve initiated that and will keep them informed, keep all the staff associations informed of that investigation, and we’ve been engaging with them throughout the afternoon.

“The information was taken down very quickly but, nevertheless, I do appreciate the concern, of course we will seek to find the extent to which that has been viewed.

“What I would say is that although the error was our own, once that information was out there if anybody did have access to it, I would ask them to delete it straight away.”

The incident was first reported by the Belfast Telegraph, which reported that it viewed the uploaded material after it was contacted by a relative of a serving officer.

Apart from the person who released the information, the PSNI was unaware the information had been released until they saw it on a website, Mr Todd confirmed.

He said that despite the data only including surnames and initials, the breach will still be “of significant concern to many of my colleagues”.

“We will ensure we do anything we can to mitigate any security risks that are identified.”

He added: “We’ve looked into the circumstances, we’ll continue with our investigation, but the very early considerations are that this is simple human error and the people who have been involved in the process have acted in good faith.

“We’ve identified some steps that we can take to ensure that it doesn’t happen again.

“It is regrettable but it is simple human error.”

Liam Kelly, chairman of the PFNI, said an urgent inquiry is needed into the “monumental” breach.

“Even if it was done accidentally, it still represents a data and security breach that should never have happened,” he said.

“Rigorous safeguards ought to have been in place to protect this valuable information which, if in the wrong hands, could do incalculable damage.

“The men and women I represent are appalled by this breach. They are shocked, dismayed and justifiably angry. Like me, they are demanding action to address this unprecedented disclosure of sensitive information.”

Politicians have reacted with shock – the SDLP’s policing spokesman Mark H Durkan called on PSNI Chief Constable Simon Byrne to make a statement.

DUP MLA for South Antrim, Trevor Clarke, a member of the Northern Ireland Policing Board, said they would look for answers when it meets on Thursday, and pinned some blame on Mr Heaton-Harris.

“The Secretary of State has presided over a budget, which is the worst that the police have ever had – they’ve looked to reduce numbers at a time they should’ve been increasing numbers,” he told BBC Radio 4’s World Tonight.

Mr Todd said Mr Byrne is aware of the issue, but would not comment on whether he would return from his summer break to respond.

“I’m the duty officer and I’m the senior information risk owner, so I take responsibility for this,” he said.

A spokesman for the Information Commissioner’s Office said the PSNI “has made us aware of an incident and we are assessing the information provided”.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in