How data breach became very real for the Police Service of Northern Ireland
The breach, confirmed on August 8th, resulted from the inadvertent release of data contained in a spreadsheet following a Freedom of Information (FoI) request. This exposed the last names, initials, ranks, departments, and locations of current personnel, encompassing even those involved in sensitive areas like surveillance and intelligence.
The incident has raised concerns about the safety of police officers and their families, particularly given the elevated threat level for Northern Ireland-related terrorism, which was recently increased to 'Severe.'
The data leak occurred when a Freedom of Information request for officer and staff numbers at different ranks and grades was fulfilled. Alongside a numerical table, an extensive Excel spreadsheet was inadvertently published on the "What Do They Know" FoI website. The spreadsheet, containing over 10,000 lines of information, was in the public domain for approximately two and a half hours before being promptly removed at the request of the PSNI.
The breach underscores the risks associated with the use of spreadsheets for sensitive data storage, a recurring issue in the public sector. Despite repeated warnings from the UK's Information Commissioner's Office (ICO), organisations continue to make the same mistakes. Past incidents include the unredacted disclosure of addresses in the Cabinet Office's 2019 New Year Honours list.
In conclusion, the recent data breach involving the PSNI has exposed sensitive personal information of officers and staff, raising significant concerns about their safety, the efficacy of undercover and intelligence work, and the overall security of the region. The incident highlights the persistent challenges in handling sensitive data, particularly the repeated misuse of spreadsheets, and underscores the need for more secure information sharing practices.
For private sector organisations, the incident can also serve as a reminder to ensure staff are sharing files in a secure manner, and that there are the right levels of governance in place to keep track of sensitive information.
The basic ingredients haven’t changed, but the ground is constantly shifting.
It may be old news, but ransomware is a bigger threat than ever
5 steps for defence
The insider threat that caused the security vs usability conundrum
Share this story
Unlock exclusive updates and special offers! Fill out our contact form to stay connected and be the first to know.