Not wanting to be left out of data breaches Cumbria Police admits to a massive data breach involving the leak of names and salaries of staff online
August 22, 2023 |
It has been a bad month for the police in the United Kingdom. Privacy wise at least. The Northern Ireland Police Service had suffered a significant data breach Cumbria Police said that on March 6 it found out information about pay and allowances had been uploaded on its website following a “human error”. The force’s admission comes after an “industrial scale breach of data” in Northern Ireland this week which saw some details of around 10,000 officers and staff published online for a number of hours.
The Norfolk Police data breach involved personal details of 1,230 victims of abuse being shared accidentally. The breach occurred because of poor data handling, with data being attached as part of a response to a Freedom of Information Request. This has attracted the early attention of the Information Commissioner’s Office.
Most of the recent data breaches involving the loss of data from various police forces in the United Kingdom related to human error rather than criminal activity by hackers. In short, poor privacy practices. It highlights the need for proper training and processes. That is particularly the case for police where the data is almost invariably sensitive.
The BBC covered Norfolk data breach, providing:
Norfolk’s chief constable said personal details shared accidentally by police about 1,230 victims of abuse “shouldn’t have happened”.
The data breach involved Norfolk and Suffolk police forces which admitted personal information was included in Freedom of Information (FOI) responses due to a “technical issue”.
The information included descriptions of offences including sexual and domestic assaults.
Both forces have apologised.
Speaking to the BBC on Wednesday, Norfolk’s chief constable, Paul Sanford, confirmed 858 of the victims and witnesses affected related to crimes investigated by his force.
“A small percentage of the FOI requests the constabularies received last year were returned with some of the raw data still attached to the information that we sent,” he said.
The information was attached to 18 responses to FOI requests from journalists for crime statistics issued by the forces between April 2021 and March 2022.
The data included personal identifiable information on victims, witnesses and suspects relating to a range of offences including sexual offences, domestic incidents, assaults, hate crime and thefts.
“It shouldn’t have happened. We’ve made the steps to make sure it doesn’t happen again in the future but we understand that a significant number of people have been affected by this,” said Chief Constable Sanford.
“I’d also like to say when this data was sent out it was hidden. We’ve taken every step that we can, strenuous efforts, to understand whether this data has been accessed by any party that shouldn’t have.
“Thus far, we’ve found no evidence of that.”
Mr Sanford said all of the people affected were being contacted and added, “if you don’t hear from us, you should have no cause for concern”.
The chief constable admitted the breach might also have impacted people’s trust in the police, but said: “We have learnt from this incident, we have changed our processes so that this cannot happen again.”
Meanwhile, Suffolk’s temporary assistant chief constable, Eamonn Bridger, said “immediate steps” were taken to react and remove the data from the public domain.
All those affected are expected to be contacted by letter, phone or in person by the end of September.
It was the second time Suffolk Police breached victims’ personal details within nine months after names and addresses of victims could be seen on the force’s website.
The Information Commissioner’s Office (ICO) has confirmed it was investigating the matter.