Fears for police officers’ safety after catastrophic data breach in Northern Ireland

A major data breach involving personal details of every officer of the Police Service of Northern Ireland (PSNI) has left staff fearing for their safety.

The police service mistakenly divulged the names, ranks and other personal data in response to a Freedom of Information (FoI) request.

The “routine inquiry” had asked for a breakdown of the number of officers the PSNI has of each rank and was published online, PSNI assistant chief constable Chris Todd said at a press briefing in Belfast on Tuesday.

“We’ve responded to that request, which was seeking to understand the total numbers of officers and staff at all ranks and grade across the organisation, and in the response, unfortunately, one of our colleagues has embedded the source data, which informed that request,” said Mr Todd.

This source data included the “surname, initial, the rank or grade, the location and the departments for each of our current employees across the police service”, he added, noting that every serving police officer and member of police staff’s data has been compromised.

The details were accidentally published on the FoI directory, What Do They Know, for a period of time before being taken down.

It is understood that the leaked details do not include officers’ and civilians’ private addresses.

Mr Todd apologised to the officers for the breach caused by “simple human error”, adding that it was “unacceptable”.

He also said there was nothing at the moment to suggest “there’s any immediate security concerns” but added the police service has put “actions in place to ensure that if anything does arise we will be aware of that, and then we can mitigate accordingly”.

He added: “We’ve looked into the circumstances, we’ll continue with our investigation, but the very early considerations are that this is simple human error and the people who have been involved in the process have acted in good faith.”

“We’ve identified some steps that we can take to ensure that it doesn’t happen again,” he told reporters.

He also said the severe terrorist threat facing PSNI officers has made news of the extensive data breach “the last thing that anybody in the organisation wants to be hearing”.

A spokesperson for the Information Commissioner’s Office said: “The Police Service of Northern Ireland has made us aware of an incident and we are assessing the information provided.”

The secretary of state for Northern Ireland, Chris Heaton-Harris, said he was “deeply concerned” by news of the data breach. “My officials are in close contact with senior officers and are keeping me updated,” he wrote on X, formerly Twitter.

Mike Nesbitt, the Ulster Unionist Party representative on the Policing Board of Northern Ireland, has called for an emergency meeting of the board on Wednesday in response to the disclosure.

In a statement, Mr Nesbitt said the breach must be seen to be taken seriously by the police.

“It is imperative that officers, staff and their families and friends understand how seriously this breach is being taken, and that the board is determined to fulfil its oversight and challenge functions appropriately,” he said.

“There are several issues here. First, ensuring those who now feel themselves at risk are given a realistic assessment of the implications of the data breach,” added Mr Nesbitt. “Second, why was there no ‘fail safe’ mechanism to prevent this information being uploaded.

“Third, there is the question of whether it was a genuine mistake and, here, the principle of innocent until proven guilty applies. I view this like a serious incident when people are seriously physically injured. The priority is to assist the injured. Only after that do you turn to examine the other issues.”

Alliance Party leader and former justice minister Naomi Long said: “This level of data breach is clearly of profound concern, not least to police officers, civilian staff and their families, who will be feeling incredibly vulnerable and exposed tonight, and in the days ahead.”

“Immediate action must be taken to offer them proper information, support, guidance and necessary reassurances regarding their and their families’ security,” Ms Long advised.

She noted that while this data had been removed, “once such information has been published online, it leaves an indelible footprint”.

“That such sensitive information could ever have been held in a manner open to such a breach is unconscionable and will require serious investigation. However, the most urgent issue is supporting those whose security has been compromised,” she added.