Explainer: What we know about PSNI’s ‘major data breach’

Data including information on Police Service of Northern Ireland officers was erroneously released in response to a Freedom of Information request

PSNI Assistant Chief Constable Chris Todd speaks to media about a data breach involving officers and civilian staff, at PSNI headquarters in Belfast on Tuesday. Photograph:  Rebecca Black/PA Wire
PSNI Assistant Chief Constable Chris Todd speaks to media about a data breach involving officers and civilian staff, at PSNI headquarters in Belfast on Tuesday. Photograph: Rebecca Black/PA Wire

A major data breach has compromised the personal and employment details of thousands of Police Service of Northern Ireland (PSNI) officers and civilian staff.

The force’s Assistant Chief Constable Chris Todd apologised to his staff for the breach, which left the Police Federation of Northern Ireland (PFNI) “appalled”.

How did the breach happen, and what does it mean for those affected?

How did the breach occur?

READ SOME MORE

The breach occurred when the PSNI responded to a Freedom of Information request seeking the number of officers and staff at all ranks and grades across the organisation.

The data was then released and potentially able to be accessed by the public for between two and a half to three hours.

Mr Todd said the breach was a result of human error.

He said: “We’ve looked into the circumstances, we’ll continue with our investigation, but the very early considerations are that this is simple human error and the people who have been involved in the process have acted in good faith.

“We’ve identified some steps that we can take to ensure that it doesn’t happen again.”

The breach was taken down by the PSNI but Mr Todd asked anyone who has obtained the information to “delete it straight away.”

How did the PSNI become aware of the breach?

Mr Todd said that, other than the person responsible for the breach, the PSNI were unaware it had occurred until they saw it online.

The Belfast Telegraph, who first reported on the breach, became aware of it after they were contacted by a relative of a serving officer.

What information was released in the breach?

The response to the request was an embedded table that had the rank and grade data of all employees at the PSNI, including surnames, initials, the locations of their departments and what department they work in.

Mr Todd said: “It is limited to surname and initial only, so there’s no other personal identifiable information contained within the information that was published.”

What does it mean for officers and civilian employees?

The breach could jeopardise the safety of officers.

When Mr Todd was asked if the information breached could be useful to terrorist organisations, he said it is of “significant concern”.

He added: “We operate in an environment at the moment where there’s a severe threat to our colleagues from Northern Ireland-related terrorism and this is the last thing that anybody in the organisation wants to be hearing this evening.”

The Democratic Unionist Party’s (DUP) Policing Board representative MLA Trevor Clarke said: “This not only jeopardises the safety of officers, but will further undermine morale within the organisation at a time when staff are holding the line amid unprecedented budget cuts.”

Who has spoken about the data breach?

The Secretary of State for Northern Ireland Chris Heaton-Harris said he is “deeply concerned” about the data breach.

Meanwhile, the chairman of the PFNI Liam Kelly called it a breach of “monumental proportions”.

Mr Clarke said the extent of the data breach in the PSNI is “unprecedented”.

The Social Democratic and Labour Party policing spokesman Mark H Durkan called on the PSNI Chief Constable to make a statement. - PA