The data from the PSNI’s ultra-confidential human resources system is a gold mine for terrorists, offering details of officers working in intelligence and other highly sensitive areas.
The material was wrongly published on the internet today by the PSNI in what appears to be human error involving spreadsheet fields.
The spreadsheet in question contained standard statistical information on the strength of the PSNI, with details of how many officers it has at each rank.
However, a second tab in the spreadsheet contained tens of thousands of entries in relation to more than 10,000 individuals.
The spreadsheet, which has been seen by the Belfast Telegraph after it was alerted to it by a relative of a serving officer, includes each officer’s service number, their status, their gender, their contract type, their last name and initials, details of how much of the week they work, and their rank.
When contacted by the newspaper, the PSNI was already aware of the problem.
The database includes the location where each individual is based (but not their home address), their duty type (from chief constable to detective, intelligence officer and so on), details of their unit (such as the anti-corruption unit or the vetting department), their branch and department, and other technical information about their employment.
There are 10,799 entries in the database. There are 9,276 police officers and police staff. It is not yet clear if the additional entries relate to employees with different contracts or are duplicate entries.
The data has been removed from the internet, but it is not yet clear how long it was available online.
It is understood an email has been sent to PSNI staff advising them not to forward links to the data breach and to delete them immediately.
The email also confirmed a “Gold Group” has been convened by Assistant Chief Constable (ACC) Chris Todd to respond to the incident.
A Gold Group is the highest level of internal emergency response available to the PSNI and is generally convened in cases of serious public disorder or a major incident requiring the oversight of the ACC.
The ACC reports directly to the Chief Constable and if required, the national emergency committee COBRA in Whitehall.
One former senior PSNI officer told the Belfast Telegraph that it was “astonishing” and a “huge operational security breach” which will call into question the Chief Constable’s position.
“This is the biggest data breach I can recall in the PSNI,” he said.
“Many officers from Catholic communities don’t tell their families, friends and ex-school colleagues – I worked with many who never did even in recent times. That is a huge issue when that community is still underrepresented and the PSNI is trying to encourage applicants.“
He said that the system on which such sensitive data is stored “is highly regulated internally because of that fact, so even if this information is compromised only internally it’s still big”.
He added: “This is freely circulating on WhatsApp groups, including retired officers. It is in essence ‘out there’ and can never be retrieved; the operating assumption must be it will be outside of the police family.”
The former officer said that “a data breach so catastrophic can’t be blamed on a single member of staff, it’s a systemic failure, it shouldn’t be possible this can happen by a ‘slip of a pen’ so to speak”. UUP leader Doug Beattie said such a serious breach of data and staff security was “unbelievable”.
“It cannot be any more serious than this and hard to fathom how such a breach could happen accidentally,” he tweeted. The Information Commissioner’s Office (ICO) have also confirmed they are aware of the incident.
“The Police Service of Northern Ireland has made us aware of an incident and we are assessing the information provided,” said a spokesperson.
The Belfast Telegraph has contacted the PSNI for a response.
