The Police Service of Northern Ireland (PSNI) has admitted that this week’s “monumental” data breach followed an earlier leak of names of hundreds of officers and staff, deepening a crisis over the mishandling of personal information that could be used to target employees.
The disclosures have sowed anxiety in the ranks in case paramilitaries tried to exploit the situation – the terrorism threat level in the region is categorised as severe, meaning the chances of an attack are deemed highly likely.
The PSNI is investigating the circumstances of the data breach and has also notified the Information Commissioner’s Office (ICO), which has launched its own investigation.
The Information Commissioner, John Edwards, said that while the breach was a “matter of serious concern, we do not yet know the extent to which the personal information was accessed during the time it was exposed” and the office was working with the PSNI to “establish the level of risk and mitigations.”
Assistant Chief Constable Chris Todd, who is the PSNI’s Senior Information Risk Owner, apologised to officers for the “unacceptable” breach and said early indications were that it was “simple human error.”
PSNI chief constable Simon Byrne has cut short a holiday to return to Northern Ireland and deal with the crisis.
The chairman of the Police Federation for Northern Ireland, Liam Kelly, told BBC Radio 4 police officers had been left “shocked, dismayed and basically angry.”
The crisis unfolded on Tuesday, when details of more than 10,000 officers and employees were published online.
On Wednesday, Mr Todd revealed an earlier data breach: a police-issue laptop, documents and a spreadsheet identifying more than 200 staffers were stolen from a private vehicle in Newtownabbey, near Belfast, on July 6th.
“We have contacted the officers and staff concerned to make them aware of the incident and an initial notification has been made to the office of the information commissioner regarding the data breach,” he said. The statement did not specify when employees were notified.
Mr Kelly called for answers after the latest revelations.
“This confirmation makes matters worse,” the Police Federation chairman said. “Clearly, urgent answers are required. How did this happen? What steps were put in place to advise and safeguard so many colleagues?
“The major security breach was bad enough, but this heaps further pressure on the PSNI to produce credible explanations around data security protocols and the impact on officer safety.”
Political leaders and police representatives in the region are grappling with the security and financial implications of the errors that could expose officers, including those who work undercover, to terrorist intimidation or attack.
Officers were frightened and their friends and family were in “jeopardy”, said Alliance Party leader Naomi Long, who served as justice minister from 2020 to 2022.
She said it would be all but impossible to eradicate the digital footprint of the data breach, which gave the rank and grade data of all employees at the PSNI, including surnames, initials and what department they worked in.
After the initial breach, Mr Kelly said many officers went to great lengths to shield their identities, in some cases not telling friends and associates that they were in the police.
“I’ve been personally inundated with officers who are outlining that they are shocked, dismayed and basically angry that this has happened,” he said. “The trust of our officers is broken by this.”
Mr Kelly said the federation would consider legal action once the police investigation into what has been categorised as a critical incident concluded.
Some officers in sensitive roles might need to change posts and move home, he told RTÉ.
[ Explainer: What we know about PSNI’s ‘major data breach’Opens in new window ]
“At the very top end of the spectrum, we could have officers who potentially may have to relocate – not only from their workplace, but from their home address – if their information has gone into the hands of people who intend to cause them harm.”
Gerry Kelly, Sinn Féin spokesperson on policing and justice, said the data breach could put lives in danger. Northern Ireland secretary Chris Heaton-Harris also expressed deep concern.
Also expressing concern on Wednesday was Taoiseach Leo Varadkar who, on a visit to Belfast, said “nothing is more important than the safety of people who work for the State, particularly police officers”. — Additional reporting Guardian