PSNI reveal details of second data breach after laptop and documents stolen
News

PSNI reveal details of second data breach after laptop and documents stolen

THE PSNI has revealed details of a second data breach just a day after a spreadsheet containing details of all serving officers and staff was inadvertently uploaded to the internet.

This afternoon, the force revealed that documents, a police issue laptop and radio were stolen from a private vehicle in Co. Antrim last month.

The documents included a spreadsheet with details of 200 serving officers and staff.

Assistant Chief Constable Chris Todd, the PSNI's Senior Information Risk Owner, said it had notified the Information Commissioner over the theft.

"Police are investigating the circumstances surrounding the theft of documents, including a spreadsheet containing the names of over 200 serving officers and staff," said ACC Todd.

"The documents, along with a police issue laptop and radio, were believed to have been stolen from a private vehicle in the Newtownabbey area on 6 July.

"We have contacted the officers and staff concerned to make them aware of the incident and an initial notification has been made to the office of the Information Commissioner regarding the data breach.

"This is an issue we take extremely seriously and as our investigation continues we will keep the Northern Ireland Policing Board and the Information Commissioner’s Office updated."

'Smallest human errors have major consequences'

The news of the theft comes a day after a spreadsheet containing the surname, initials, rank/grade, role and location of all serving officers and staff was published online.

The document was released following a routine Freedom of Information (FoI) request and appeared on a legitimate FoI website, where it was available to view for three hours.

Following yesterday's breach, the Information Commissioner's Office (ICO) confirmed it had launched an investigation.

"People have the right to expect that their personal information is kept safe and not disclosed when it shouldn't be," read a statement from the ICO.

"This incident raises serious concerns as it shows how even the smallest of human errors can have major consequences.

"We recognise the potential impact on the people and families affected by this breach, and we expect appropriate action to be taken by the Police Service of Northern Ireland as a matter of urgency.

"The incident demonstrates just how important it is to have robust measures in place to protect personal information, especially in a sensitive environment.

"The ICO works to support organisations to get this right so people can feel confident that their information is secure, and harms can be prevented.

"Following the report received from the PSNI, we are investigating the matter.

"Whilst this is a matter of serious concern, we do not yet know the extent to which the personal information was accessed during the time it was exposed.

"We are working with the PSNI to establish the level of risk and mitigations."

The data breaches come at a time when the threat level in relation to Northern Irish related terrorism sits at Severe, meaning an 'attack is highly likely'.