Another British police force has experienced a huge breach of the data of all its officers and staff, the Guardian has learned.
Cumbria police has admitted accidentally publishing the names and salaries of every one of its more than 2,000 employees and has apologised.
One officer told the Guardian of dismay in the force at the leak.
The data breach happened in March and has not previously been publicised.
It comes after the scandal surrounding the Police Service of Northern Ireland, which said systemic failures led to the mistaken release of details of more than 10,000 officers and staff on Tuesday after a spreadsheet was briefly published online.
The PSNI breach was extremely serious because officers there face heightened dangers, some not even telling their friends and families that they work for the police because of the threat of terrorist attack.
While the data breach for the Cumbria force is less serious than the one that affected the PSNI, it is nonetheless embarrassing.
Data for all its employees was posted online. It included those in covert and sensitive roles. The leak affected 1,304 police officers, 756 staff members and 52 police community support officers.
The force said names and salaries and allowances were published online. After it was revealed, an internal message to staff said only a handful of people had called up the data.
Cumbria, which is one of the smallest forces in Britain, said human error was to blame and admitted that as well as the names of officers and staff, their position was published.
In a statement the force said: “Cumbria constabulary became aware of a data breach on Monday 6 March 2023 where information about the pay and allowances of every police officer and police staff roles as at 31 March 2022 was uploaded to the constabulary’s website, which was a human error.
“The pay and allowance data also included names and position, however it did not contain information about where the posts were deployed from or personal details such as date of birth and address.
“This information was removed immediately after the breach was identified.
“Cumbria constabulary immediately contacted every affected person about the data breach, explaining that the impact of this breach was low and the measures the constabulary had put in place to manage the breach and to prevent it happening again.
“This data breach was referred to the Information Commissioner’s Office (ICO) as per normal procedure for independent review. The ICO determined that no further action was necessary and gave some advice and recommendations. The ICO were satisfied with the actions the constabulary had taken and the robust steps which were put in place to prevent any further data breaches.”
An ICO spokesperson said: “Cumbria constabulary made us aware of an incident in March 2023. The information provided was carefully assessed and the organisation provided details about the steps taken in response to the incident.
“We provided data protection advice and concluded that no further action was necessary. We assess reported incidents on a case-by-case basis and any action is based on the specific facts and circumstances.”
