PSNI: Major data breach identifies thousands of officers and civilian staff
- Published
The Police Service of Northern Ireland (PSNI) has apologised for mistakenly revealing details of all its 10,000 staff.
NI's Police Federation said the breach could cause "incalculable damage".
In response to a Freedom of Information (FoI) request, the PSNI had shared names of all police and civilian personnel, where they were based and their roles.
The details were then published online, before being removed.
Apologising to officers, Assistant Chief Constable Chris Todd said the error was "unacceptable".
He added: "We operate in an environment, at the moment, where there is a severe threat to our colleagues from Northern Ireland-related terrorism and this is the last thing that anybody in the organisation wants to be hearing this evening.
"I owe it to all of my colleagues to investigate this thoroughly and we've initiated that."
Northern Ireland police have been the targets of republican paramilitaries - the latest attack was in February.
The threat to officers means they must be extremely vigilant about their security.
Many, especially from nationalist communities, keep their employment secret, in some cases even from many family members.
The FoI request had asked the PSNI for a breakdown of all staff rank and grades.
But as well as releasing a table containing the number of people holding positions such as constable, the PSNI included a spreadsheet.
This contained the surnames of more than 10,000 individuals, their initials and other data.
It appears to cover everyone within the PSNI, from Chief Constable Simon Byrne down.
It does not include any private addresses.
Analysis: Individuals could be exposed
The scale of this error is enormous.
It is probably the worst data breach in the organisation's 22-year history.
The consequences are a little more difficult to evaluate.
Had this contained addresses, it would have been catastrophic in terms of assisting terrorist groups to target officers.
But the release of employee names could still expose individuals, many of whom take great care to keep who they work for a secret, even, in some cases, from friends and family.
That the information was published on a website for more than two hours will add to concerns within the workforce.
Northern Ireland Secretary Chris Heaton-Harris said he was "deeply concerned" by the data breach and that senior PSNI officers were keeping him updated.
The Police Federation of Northern Ireland, which represents officers' interests, expressed dismay and anger at the incident, calling it a "breach of monumental proportions".
Police officers in Northern Ireland were regularly attacked by republican paramilitary groups during the Troubles and members of the PSNI have also been targeted in gun and bomb attacks in the years following the Good Friday Agreement.
In February this year, senior PSNI officer Det Ch Insp John Caldwell was seriously injured in a shooting in Omagh, County Tyrone.
The following month, the terrorism threat level in Northern Ireland was raised from substantial to severe, meaning an attack is highly likely.
The Police Federation has called for an urgent inquiry.
Its chairman Liam Kelly said: "Rigorous safeguards ought to have been in place to protect this valuable information which, if in the wrong hands, could do incalculable damage.
"The men and women I represent are appalled by this breach. They are shocked, dismayed and justifiably angry. Like me, they are demanding action to address this unprecedented disclosure of sensitive information."
Mr Kelly added that it was fortunate that the PSNI spreadsheet had not given home addresses, saying that would have been a "potentially calamitous situation".
BBC News NI understands the contents of the FoI have been seen by current and former PSNI staff.
It is understood the sensitive information was published online, on the What Do They Know website, before being removed.
'Very alarmed'
Senior police personnel have been meeting to discuss the breach, which is being attributed to human error.
One person briefed told BBC News NI they were "very alarmed" by what had happened, describing it as "a major breach".
Stormont politicians will attend an emergency meeting on Thursday of the Northern Ireland Policing Board, which oversees the work of the PSNI.
Sinn Féin assembly member Gerry Kelly confirmed the meeting, at which he said he would be "asking why safeguards were not in place to prevent such a breach happening and how quickly measures can be put in place to ensure it won't happen again".
"In circumstances where the level of threat is at severe after the attempted murder of DCI John Caldwell there will be huge concern among members of the PSNI and their families and the wider community at this revelation," Mr Kelly added.
Trevor Clarke from the Democratic Unionist Party said: "Any data breach is unacceptable but more so when it discloses personal information identifying rank-and-file officers.
"This not only jeopardises the safety of officers but will further undermine morale within the organisation at a time when staff are holding the line amid unprecedented budget cuts."
The Alliance Party leader and former Justice Minister Naomi Long said: "This level of data breach is clearly of profound concern, not least to police officers, civilian staff and their families, who will be feeling incredibly vulnerable and exposed tonight and in the days ahead.
"That such sensitive information could ever have been held in a manner open to such a breach is unconscionable and will require serious investigation; however, the most urgent issue is supporting those whose security has been compromised."
Mike Nesbitt from the Ulster Unionist Party, who sits on the Policing Board, asked why there was "no 'fail safe' mechanism to prevent this information being uploaded".
He added that his "thoughts are with those whose names have been released into the public domain, who had a reasonable expectation this would never happen".
Social Democratic and Labour Party leader Colum Eastwood tweeted: "The level of incompetence involved here is staggering. So dangerous."
- Published14 August 2023
- Published28 March 2023