The Police Service of Northern Ireland (PSNI) is probing a second breach of police officers’ personal data that came to light barely 24 hours after a spreadsheet containing the names and ranks of all of its serving personnel was published online after being accidentally disclosed through a freedom of information (FoI) request.
The second incident dates back to 6 July but has only now come to light. It involves the theft of a police issue laptop, a radio set and documents from a private vehicle in the Belfast suburb of Newtownabbey.
Among the documents was another spreadsheet containing the names of over 200 serving officers and staff.
PSNI assistant chief constable Chris Todd said the service was investigating the circumstances surrounding the second incident.
“We have contacted the officers and staff concerned to make them aware of the incident and an initial notification has been made to the office of the information commissioner regarding the data breach,” said Todd.
“This is an issue we take extremely seriously and as our investigation continues we will keep the Northern Ireland Policing Board and the Information Commissioner’s Office [ICO] updated.”
The first breach, which has been declared a critical incident, has exposed thousands of people across Northern Ireland to the risk of violent reprisals from dissident political groups and paramilitary organisations that continue to reject the peace process, and drawn the ire of politicians from both Unionist and Republican parties.
Senior officers, including chief constable Simon Byrne – who has cut short a family holiday to return to Northern Ireland – will face questions over both incidents at a special session of the Northern Ireland Policing Board to be held today (Thursday 10 August).
Speaking yesterday, Todd said the force fully understood the “very real concerns” felt by PSNI personnel and their families, and was working around the clock with security partners to investigate the incident and mitigate the risk.
“We have issued updated personal security advice to all of our officers and staff, and have established an emergency threat assessment group that will look at the welfare concerns of our people. As well as general advice on safety and security, this multi-disciplinary group will focus on immediate support to those with specific circumstances which they believe place them or their families at immediate risk or increased threat of harm,” he said.
“We have also sought the assistance of an independent advisor to conduct an end-to-end review of our processes to understand what happened, how it happened and what we can do immediately to prevent such a breach from happening in the future.”
Andy Ward, vice-president of international at Absolute Software, commented: “Major organisations such as police departments are among the primary targets for cyber incidents due to the vast amount of sensitive and personal data stored on their systems, and with that must take extra caution when it comes to cyber breaches.
“Cyber security awareness training is essential to ensure staff understand the threats posed against an organisation, the consequences of breaches and how to respond when they occur. Ensuring breaches are promptly reported to the ICO and response protocols are followed can help mitigate the damage of breaches, helping to protect sensitive personal information and reduce remediation time on IT systems.”