PSNI data breach: 10,000 officers and staff 'lives could be at risk' after details released in error

Assistant Chief Constable Chris Todd apologised to his staff for the breach at a press conference on Tuesday night, admitting the breach had been ‘human error’.

It occurred when the PSNI responded to a Freedom of Information request from a member of the public seeking the number of officers and staff at all ranks and grades across the organisation.

However when the data was released it also included surnames and initials of all concerned – more than 10,000 individuals - along with the locations of their departments and what department they work in.

The information was potentially able to be accessed by the public for between two-and-a-half to three hours on Tuesday.

Alliance Party leader and former Justice Minister Naomi Long said many questions now needed to be answered.

"This level of data breach is clearly of profound concern, not least to police officers, civilian staff, and their families, who will be feeling incredibly vulnerable and exposed,” she said.

"Immediate action must be taken to offer them proper information, support, guidance and necessary reassurances regarding their and their families' security.

"Whilst the personal data has now been removed, once such information has been published online, it leaves an indelible footprint.

"That such sensitive information could ever have been held in a manner open to such a breach is unconscionable and will require serious investigation; however, the most urgent issue is supporting those whose security has been compromised.”

The DUP’s lead Policing Board representative Trevor Clarke described the situation as “deeply alarming”.

Speaking on BBC Radio Ulster, he said some members of the police service had kept their job secret from their family and friends.

"Now because of this error they have to come clean and tell their family about what they have been doing.

Mr Clarke said he had been emailed during the night from people concerned about what has been described as an ‘unprecedented’ data issue within the force.

“It’s like something you watch on Netflix and think it couldn’t happen. People are really concerned about the outworkings of all of this,” he said.

Sinn Féin policing spokesperson MLA Gerry Kelly said the data breach could put lives in danger.

“While no addresses were given surnames, ranks and locations were provided in a table and a spreadsheet. We need to know how this breach occurred,” he said.

"There is an emergency Policing Board meeting on Thursday. I will be asking why safeguards were not in place to prevent such a breach happening and how quickly measures can be put in place to ensure it won’t happen again.

"In circumstances where the level of threat is at severe after the attempted murder of DCI John Caldwell there will be huge concern among members of the PSNI and their families and the wider community at this revelation,” Mr Kelly added.

Ulster Unionist representative on the Policing Board of Northern Ireland, Mike Nesbitt MLA, said it is imperative that officers, staff and their families and friends understand how seriously this breach is being take.

"There are several issues here. First, ensuring those who now feel themselves at risk are given a realistic assessment of the implications of the data breach. Second, why was there no ‘fail safe’ mechanism to prevent this information being uploaded. Third, there is the question of whether it was a genuine mistake and here, the principle of innocent until proven guilty applies.

"I view this like a serious incident when people are seriously physically injured. The priority is to assist the injured. Only after that do you turn to examine the other issues. In other words, my thoughts are with those whose names have been released into the public domain, who had a reasonable expectation this would never happen,” said Mr Nesbitt.

ACC Chris Todd, the PSNI’s Senior Information Risk Owner, said police are investigating the circumstances surrounding the data breach and it was appreciated the concern that this will cause many colleagues and families.

"We will do all that we can to mitigate any such concerns,” he said.

"An initial notification has been made to the office of the Information Commissioner regarding the data breach. The matter is being fully investigated and a Gold structure is in place to oversee the investigation and consequences. It is actively being reviewed to identify any security issues.

"The information was taken down very quickly. Although it was made available as a result of our own error, anyone who did access the information before it was taken down is responsible for what they do with it next. It is important that data anyone has accessed is deleted immediately.

"This is an issue we take extremely seriously and as our investigation continues we will keep the Northern Ireland Policing Board and the Information Commissioner’s Office updated.”