Staff Data Breach: British Police Could Be Fined £750k

Uploaded on 2024-05-24 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, TECHNOLOGY--Hackers

The Police Service of Northern Ireland (PSNI) could be fined £750,000 for a major data breach last year after mistakenly disclosing the names of all 9,483 serving officers and staff in a spreadsheet published online. It was subsequently confirmed that the information was in the hands of potentially deadly dissident Republicans.  

While the PSNI has said it cannot afford such a fine, however if ir were not a public body, the fine would have been in the millions. The British data regulator, the Information Commissioner's Office (ICO), has announced that the proposed fine could be imposed on the PSNI "for failing to protect the personal information of its entire workforce".

The breach happened when police answered a Freedom of Information request and information was published online about the PSNI's 9,483 policing and civilian employees and the personal information included the surname, initials, rank, and role of all serving PSNI officers and staff.

In provisional findings announced recently, UK Information Commissioner John Edwards said: “The sensitivities in Northern Ireland and the unprecedented nature of this breach created a perfect storm of risk and harm, and show how damaging poor data security can be." He added: “Throughout our investigation, we heard many harrowing stories about the impact this avoidable error has had on people’s lives, from having to move house, to cutting themselves off from family members and completely altering their daily routines because of the tangible fear of threat to life."

The proposed fine is provisional to allow the PSNI to make representations before a final decision.Mr Edwards also revealed that the potential fine could have been £5.6m, but he used discretion to significantly reduce the amount to ensure public money is not diverted from where it is most needed.

The ICO has issued the PSNI with a preliminary enforcement notice requiring the police service to improve the security of personal information when responding to Freedom of Information requests.  

The PSNI  Chief Constable, Jon Boutcher, has previously announced that every PSNI officer and staff member would be offered a one-off payment of £500 to help with home security measures following the data breach. The incident contributed to the resignation of the previous Chief Constable who has now left the force.

ICO   |   Irish News   |   BBC   |   Scottish Legal   |    Personnel Today  |   Computer Weekly   |   Bleeping Computer 

You Might Also Read: 

Another British Police Force Leaks Confidential Data:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Time For Cyber Force
Facial Recognition Technology Defects »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

authen2cate

authen2cate

Authen2cate offers a simple way to provide application access with our Identity and Access Management (IAM) solutions for enterprise, small business, and individual customers alike.

SI-CERT

SI-CERT

SI-CERT (Slovenian Computer Emergency Response Team) is the national cyber scurity incident response center for Slovenia.

Source Defense

Source Defense

Source Defense provides websites with the first ever prevention technology for attacks of third-party origin.

Securicon

Securicon

Securicon provides expert consulting for application, system and network security.

NSEIT

NSEIT

NSEIT offers end-to-end Information Technology products, solutions and services including cybersecurity to organizations in the financial sector.

TypingDNA

TypingDNA

TypingDNA uses AI to recognise people by the way they type on desktop keyboards and mobile devices.

Trustless Computing Association (TCA)

Trustless Computing Association (TCA)

TCA is is a non-profit organization promoting the creation and wide availability of IT and AI technologies that are radically more secure and accountable than today’s state of the art.

Qohash

Qohash

With a focus on data security, Qohash supports security, compliance and optimization use cases enhancing your risk management process.

Centre for Cyber Security Research and Innovation (CSRI) - Deakin University

Centre for Cyber Security Research and Innovation (CSRI) - Deakin University

CSRI solves the cyber security threats of tomorrow, today. We work with industry and government leaders on innovative research that has real-world impact.

Nine23

Nine23

Nine23 are a highly focused cyber security solutions company that defines, builds and manages innovative services, enabling end-users to use technology securely in today’s workplace.

Riot Security

Riot Security

In today's world, most successful cyberattacks start by a human failure. Riot have developed a platform that makes it easy to prepare your employees for cyberattacks, in a way they love.

Buzz Cybersecurity

Buzz Cybersecurity

Buzz Cybersecurity systems and services are designed to proactively guard against common and uncommon cyber threats.

Reach Security

Reach Security

Reach is the first generative AI platform purpose-built to empower enterprise security teams. With Reach, organizations measure, manage, and improve their enterprise security posture at scale.

C/side (cside)

C/side (cside)

At c/side, we're creating the ultimate delivery, performance and detection mechanism for browser-side fetched 3rd party Javascript.

Rebellion Defense

Rebellion Defense

Rebellion Defense is a technology company developing advanced software to ensure mission-critical organizations stay ahead of emerging threats.

Bedrock Security

Bedrock Security

Bedrock Security is at the forefront of revolutionizing data security in the cloud and GenAI era.