PSNI Assistant Chief Constable Chris Todd speaks to media about a data breach involving officers and civilian staff, at PSNI headquarters, in the Knock area of east Belfast (Picture: PA)
The name and rank of every single serving police officer in Northern Ireland has been exposed in a data breach ‘of monumental proportions’.
Northern Ireland Secretary Chris Heaton-Harris said he is ‘deeply concerned’ by the breach, while the Police Federation for Northern Ireland (PFNI) said its members are ‘appalled’.
The incident happened as the PSNI responded to a Freedom of Information request seeking the number of officers and staff at all ranks and grades across the organisation.
In the published response a table was embedded that contained the rank and grade data, but also included detailed information that attached the surname, initial, the location and the departments for all employees of the PSNI.
The data was potentially viewable by the public for up to three hours.
Addressing the media in Belfast on Tuesday, Assistant Chief Constable Chris Todd apologised to officers for the ‘unacceptable’ breach.
He said that once it was brought to the PSNI’s attention it was taken down ‘quickly’, and that early indications were that this was a ‘simple human error’.
Mr Todd also said there were no immediate security concerns, but they were monitoring the situation.
‘I understand that that will be of considerable concern to many of my colleagues and their families indeed, at the moment,’ he said.
‘We operate in an environment at the moment where there’s a severe threat to our colleagues from Northern Ireland-related terrorism and this is the last thing that anybody in the organisation wants to be hearing this evening.
The breach reportedly involves names, ranks and other personal data, but does not involve the officers’ and civilians’ private addresses, it is understood (Picture: PA)
‘So, I owe it to all my colleagues to make sure that this is investigated thoroughly, and we’ve initiated that and will keep them informed, keep all the staff associations informed of that investigation, and we’ve been engaging with them throughout the afternoon.
‘The information was taken down very quickly but, nevertheless, I do appreciate the concern, of course we will seek to find the extent to which that has been viewed.
‘What I would say is that although the error was our own, once that information was out there if anybody did have access to it, I would ask them to delete it straight away.’
The incident was first reported by the Belfast Telegraph, which reported that it viewed the uploaded material after it was contacted by a relative of a serving officer.
Apart from the person who released the information, the PSNI was unaware the information had been released until they saw it on a website, Mr Todd confirmed.
He said that despite the data only including surnames and initials, the breach will still be ‘of significant concern to many of my colleagues’.
‘We will ensure we do anything we can to mitigate any security risks that are identified.’
More: Trending
He added: ‘We’ve looked into the circumstances, we’ll continue with our investigation, but the very early considerations are that this is simple human error and the people who have been involved in the process have acted in good faith.
‘We’ve identified some steps that we can take to ensure that it doesn’t happen again.
‘It is regrettable but it is simple human error.’
Liam Kelly, chairman of the PFNI, said an urgent inquiry is needed into the ‘monumental’ breach.
‘This is a breach of monumental proportions. Even if it was done accidentally, it still represents a data and security breach that should never have happened,’ he said.
‘Rigorous safeguards ought to have been in place to protect this valuable information which, if in the wrong hands, could do incalculable damage.
‘The men and women I represent are appalled by this breach. They are shocked, dismayed and justifiably angry. Like me, they are demanding action to address this unprecedented disclosure of sensitive information.
‘We have many colleagues who do everything possible to protect their police roles. We’re fortunate that the PSNI spreadsheet didn’t contain officer and staff home addresses, otherwise we would be facing a potentially calamitous situation.
‘Inadequate or poor oversight of FOI procedures must be addressed and addressed urgently. New safeguards are obviously required to prevent this from ever happening again.’
Politicians have reacted with shock – the SDLP’s policing spokesman Mark H Durkan called on PSNI Chief Constable Simon Byrne to make a statement.
Mr Todd said Mr Byrne is aware of the issue, but would not comment on whether he would return from his summer break to respond.
‘I’m the duty officer and I’m the senior information risk owner, so I take responsibility for this,’ he said.
A spokesman for the Information Commissioner’s Office said that the PSNI ‘has made us aware of an incident and we are assessing the information provided’.
Get in touch with our news team by emailing us at [email protected].
For more stories like this, check our news page.
The breach reportedly involves names, ranks and other personal data, but does not involve private addresses, it is understood.