‘Deeply concerning’ Met Police data breach put officers at risk, commissioner admits

A Met Police data breach that saw the names and ranks of staff released has put officers at risk and made many “very nervous”, the police commissioner said.

Sir Mark Rowley said it was “deeply concerning” that the personal data of a “majority of people” at the organisation was leaked, with 47,000 Met employees told about the potential exposure of their photographs and details.

Sir Mark said: “It is deeply concerning. There was data to do with security passes and personal data relating to the majority of people at the organisation, which was breached.

“In most cases, the data breach won’t create extra risk, but in some cases, it definitely will do.”

The breach, which happened this year and was revealed last week, occurred when cybercriminals managed to infiltrate the IT systems of a contractor responsible for printing warrant cards and staff passes.

Sir Mark added: “It has made people very nervous. Officers or staff in any organisation expect their data to be looked after.

“We need to be able to say to our police officers that we set the highest standards for data protection.”

He said the National Crime Agency was investigating the breach and working with people concerned about it.

One officer, who didn’t want to be named, told The Independent that some colleagues were having “sleepless nights” over the leak.

It follows an admission by the Police Service of Northern Ireland (PSNI) that the personal data of all its serving members was accidentally released in response to a freedom of information request on 8 August.

The release included details of about 10,000 PSNI officers and staff, including their surnames and first initials, rank or grade, where they worked and what unit they worked in.

Officers were left “shocked, dismayed, and angry” about the leak, with others asking to bring guns to Catholic mass to protect themselves, according to reports.

On Tuesday, Assistant Chief Constable Chris Todd told the Northern Ireland Affairs Committee that initial “recovery costs” of the breach would be between £24m and £37m. He said individual civil claims were estimated to cost up to £180m.

Days later, South Yorkshire Police said it was “deeply sorry” for a loss of data including bodycam footage recorded by officers between July 2020 and May 2023. The breach would affect evidence used in 69 ongoing cases, according to police.

The cases ranged from cannabis possession through to domestic abuse and sexual offences, the force told The Independent.

In the same month, Norfolk and Suffolk police disclosed the data of 1,230 people including victims, witnesses and suspects in cases ranging from domestic abuse, sexual offences, assault, theft and hate crime.

The Information Commissioner’s Office said it was investigating both forces. In a statement, the forces said there was no evidence anyone had clicked on links to read the files that had been released.