The PSNI has issued updated personal security advice to all officers and civilian staff whose personal and employment information was published online in a “significant” data breach. An emergency threat assessment group has also been established.
In a statement on Wednesday afternoon, Assistant Chief Constable Chris Todd said this multidisciplinary group would “focus on immediate support to those with specific circumstances which they believe place them or their families at immediate risk or increased threat of harm”.
“We fully understand the very real concerns being felt by our colleagues and their families and we are working hard to do everything we can to mitigate any risk,” he said. “We are working with our security partners and organisations to investigate this incident.
“We have also sought the assistance of an independent adviser to conduct an end-to-end review of our processes in order to understand what happened, how it happened and what we can do immediately to prevent such a breach happening in the future,” he said.
Earlier, the PSNI apologised to its thousands of serving officers and civilian staff whose personal and employment data was compromised.
Northern Ireland Secretary Chris Heaton-Harris said he was “deeply concerned” by the data breach, while the Police Federation for Northern Ireland (PFNI) said its members were “appalled”.
The incident happened when the PSNI responded to a Freedom of Information request seeking the number of officers and staff at all ranks and grades across the organisation. Some 10,000 officers and staff were affected.
In the published response to this request, a table was embedded that contained the rank and grade data, but also included detailed information that attached the surname, initial, the location and the departments for all employees of the PSNI. The data was potentially viewable by the public for 2½-three hours.
A special meeting of the Northern Ireland Policing Board will take place on Thursday to discuss the data breach with the PSNI senior team. The Irish Times understands the PSNI chief constable, Simon Byrne, who is on holiday, is to end his break early and will appear before the policing board meeting.
[ Explainer: What to know about PSNI’s ‘major data breach’Opens in new window ]
Addressing the media in Belfast on Tuesday evening, Mr Todd apologised to officers for the “unacceptable” breach. He said that once it was brought to the PSNI’s attention, it was taken down “quickly”, and that early indications were that this was a “simple human error”.
Mr Todd also said there were no immediate security concerns, but they were monitoring the situation.
“I understand that that will be of considerable concern to many of my colleagues and their families,” he said. “We operate in an environment at the moment where there’s a severe threat to our colleagues from Northern Ireland-related terrorism and this is the last thing that anybody in the organisation wants to be hearing this evening.
“So, I owe it to all my colleagues to make sure this is investigated thoroughly, and we’ve initiated that and will keep them informed, keep all the staff associations informed of that investigation, and we’ve been engaging with them throughout the afternoon.”
The incident was first reported by the Belfast Telegraph, which said it viewed the uploaded material after it was contacted by a relative of a serving officer.
Apart from the person who released the information, the PSNI was unaware the information had been released until they saw it on a website, Mr Todd confirmed.
He said that despite the data including only surnames and initials, the breach would still be “of significant concern to many of my colleagues”.
Liam Kelly, chairman of the Police Federation for Northern Ireland, told BBC Radio 4’s Today programme on Wednesday morning: “Our officers go to great lengths to protect their identities. Some of them don’t even tell their close friends and associates that they are actually in the police.”
Mr Kelly said PSNI officers operated “under the veil of the highest potential threat”, agreeing that some might be working for the security services in MI5. “There are a number of our officers who work in very sensitive roles. Roles where a veil of secrecy is required because of the nature and the danger associated with that role,” he said.
“Following the attempted murder of our colleague DCI John Caldwell, the security threat was reviewed and upgraded again [in March].
He said legal action was “something we will consider once the investigation concludes” and he was not willing to do a vote of no confidence in the chief constable “at this point”.
Politicians have reacted with shock – the SDLP’s policing spokesman, Mark H Durkan, called on PSNI Chief Constable Simon Byrne to make a statement.
DUP MLA for South Antrim, Trevor Clarke, a member of the Northern Ireland Policing Board, said it would look for answers when it meets on Thursday, and pinned some blame on Mr Heaton-Harris.
“The Secretary of State has presided over a budget, which is the worst that the police have ever had – they’ve looked to reduce numbers at a time they should’ve been increasing numbers,” he told BBC Radio 4’s World Tonight.
Mr Todd said Mr Byrne was aware of the issue, but would not comment on whether he would return from his summer break to respond. “I’m the duty officer and I’m the senior information risk owner, so I take responsibility for this,” he said.
A spokesman for the Information Commissioner’s Office said the PSNI “has made us aware of an incident and we are assessing the information provided”.
Speaking on BBC Radio Ulster on Wednesday morning, the Sinn Féin MLA Gerry Kelly and the DUP MLA Trevor Clarke – both members of the policing board – stopped short of calling for the chief constable’s resignation but said serious questions needed to be answered.
“Of course it’s true that the buck stops at the top but I think it is too simplistic to put everything down to the chief constable,” said Mr Kelly. “One of the questions is, was this known at the top level and, if it wasn’t known, why was it not known? If that’s not known then that’s what worries me, then what else is not known?”
Trevor Clarke said it was a “monumental error” and described it as “like something you would watch on a film on Netflix and you would think this couldn’t happen, these are hypotheticals”.
Alliance Party leader Naomi Long, a former minister for justice in Northern Ireland, has said the data breach was “an incredibly serious situation”.
While she understood human error, the question remained how a single individual could release so much data, she told RTÉ radio’s Morning Ireland. The policing board will have to ask some “fairly probing questions, particularly how a relatively junior member of staff was able to inadvertently publish this background data when they were answering a Freedom of Information request”.
“But I think the more serious aspect of this than who does the investigation is the human and financial cost of what has happened. There will have been officers, their families, members of civilian staff and their families who will have spent a very uncomfortable night last night feeling exposed and vulnerable in a way that they previously were.” - Additional reporting PA