A “monumental” data breach has exposed the names and rank of all 10,000 serving police officers in Northern Ireland, with the body representing the force warning of “incalculable damage” should it end up in the wrong hands.
The Police Service of Northern Ireland (PSNI) has apologized for mistakenly sharing sensitive data in response to a Freedom of Information (FOI) request seeking to understand the numbers of officers in the organization.
Police in Northern Ireland remain under threat and have been regularly targeted in long years of conflict over British rule in the region.
The data breach comes just months after a serving Northern Irish police officer was left fighting for his life after being shot multiple times in front of his young son in February.
Seven men have been charged with attempted murder over the attack, with two were also charged with membership of a proscribed organization, the Irish Republican Army (IRA), a paramilitary group which seeks the end of British rule in Northern Ireland and the reunification of Ireland.
“We operate in an environment at the moment where there is a severe threat to our colleagues from Northern Ireland-related terrorism, and this is the last thing that anybody in the organization wants to be hearing this evening,” said Chris Todd, PSNI’s senior information risk owner, at a news conference in Belfast on Tuesday evening.
Todd said the breach was the result of “simple human error” in response to a “routine” FOI request.
An FOI request can provide public access to information held by public authorities, unless there is good reason for authorities to withhold that information.
In detailing the number of staff across the organization, a PSNI member of staff embedded the data with “the surname, the initial, the rank or grade, the location and the department, for each of our current employees across the police service,” said Todd.
The spreadsheet was published online at around 2.30 p.m. Tuesday and was visible for more than two hours before being taken down.
“Although it was made available as a result of our own error, anyone who did access the information before it was taken down is responsible for what they do with it next. It is important that data anyone has accessed is deleted immediately,” said Todd.
Northern Ireland’s Police Federation, which represents rank-and-file officers, said it was “appalled” by the “potentially calamitous” breach.
“This is a breach of monumental proportions. Even if it was done accidentally, it still represents a data and security breach that should never have happened,” Liam Kelly, chair of the federation, said in a statement.
“Inadequate or poor oversight of FOI procedures must be addressed and addressed urgently. New safeguards are obviously required to prevent this from ever happening again,” he said.
Kelly said many serving officers “do everything possible to protect their police roles,” due to heightened security concerns in Northern Ireland.
Speaking on BBC Radio 4’s Today program on Wednesday, Kelly said that PSNI officers operate “under the veil of the highest potential threat.”
“What you’ve got here is a spectrum of officers. People like myself and the senior management in police, it’s public knowledge that we are police officers, it’s public knowledge where we work, but there are a lot of officers in our service who don’t have that freedom available to them, for all manner of reasons,” he said.
He said legal action is “something we will consider once the investigation concludes.”