Pierluigi Paganini August 10, 2023

Police Service of Northern Ireland (PSNI) mistakenly shared sensitive data of all 10,000 serving police officers in response to a FOI request.

The Police Service of Northern Ireland (PSNI) has mistakenly shared sensitive data of all 10,000 serving police officers in response to a Freedom of Information (FOI) request. The request aimed at determining the numbers of PSNI officers.

A FOI request is a formal inquiry made by an individual or organization to a government agency or public institution to obtain access to records, documents, or information held by that entity. The purpose of a FOI request is to promote transparency, accountability, and open government by allowing citizens to request and obtain information about the operations, decisions, and activities of government bodies.

Exposed data include the names and rank of all 10,000 serving police officers. The data leaked poses a severe risk for the officials.

“Police in Northern Ireland remain under threat and have been regularly targeted in long years of conflict over British rule in the region.” reported the CNN, which also highlighted the risk of attacks by the Irish Republican Army (IRA), the paramilitary group which seeks the end of British rule in Northern Ireland.

Chris Todd, PSNI’s senior information risk owner, explained that the data leak was caused by a simple human error.

“We operate in an environment at the moment where there is a severe threat to our colleagues from Northern Ireland-related terrorism, and this is the last thing that anybody in the organization wants to be hearing this evening,” said Chris Todd, PSNI’s senior information risk owner, at a news conference in Belfast on Tuesday evening.

A PSNI member of staff that responded to the FOI request mistakenly revealed “the surname, the initial, the rank or grade, the location and the department, for each of our current employees across the police service.”

The data were leaked in a spreadsheet that was published online this week and that remained accessible for more than two hours before being taken down.

“Although it was made available as a result of our own error, anyone who did access the information before it was taken down is responsible for what they do with it next. It is important that data anyone has accessed is deleted immediately,” said Todd.

“This is a breach of monumental proportions. Even if it was done accidentally, it still represents a data and security breach that should never have happened,” said Liam Kelly, chair of the Northern Ireland’s Police Federation. “Inadequate or poor oversight of FOI procedures must be addressed and addressed urgently. New safeguards are obviously required to prevent this from ever happening again.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Police Service of Northern Ireland(PSNI))