The Police Service of Northern Ireland has admitted that this week’s “monumental” data breach followed an earlier leak of names of hundreds of officers and staff, deepening a crisis over the mishandling of personal information that could be used to target employees.
The disclosures sowed anxiety in the ranks and prompted some officers to relocate in case paramilitaries tried to exploit the situation – the terrorism threat level in the region is categorised as severe, meaning the chances of an attack are deemed highly likely.
“There is a lot of fear and anxiety,” said one serving officer. “Some have moved out of their homes overnight. Some have not told their friends or family they work for PSNI. It is a particular problem for specialist operations, such as undercover officers.”
The UK Information Commissioner’s Office (ICO) has launched an investigation. Simon Byrne, the chief constable of Northern Ireland, cut short a holiday to return to Northern Ireland and deal with the crisis.
The crisis unfolded on Tuesday, when details of more than 10,000 officers and employees were published online. The ICO, which regulates data privacy laws, launched an investigation to establish the level of risk.
“This incident raises serious concerns as it shows how even the smallest of human errors can have major consequences,” the agency said in a statement. “The incident demonstrates just how important it is to have robust measures in place to protect personal information, especially in a sensitive environment.”
On Wednesday Chris Todd, a PSNI assistant chief constable, revealed an earlier data breach: a police-issue laptop, documents and a spreadsheet identifying more than 200 staffers were stolen from a private vehicle in Newtownabbey, near Belfast, on 6 July.
“We have contacted the officers and staff concerned to make them aware of the incident and an initial notification has been made to the office of the information commissioner regarding the data breach,” he said. The statement did not specify when employees were notified.
Liam Kelly, the chair of the Police Federation for Northern Ireland, called for answers after the latest revelations. “This confirmation makes matters worse,” he said. “Clearly, urgent answers are required. How did this happen? What steps were put in place to advise and safeguard so many colleagues?
“The major security breach was bad enough, but this heaps further pressure on the PSNI to produce credible explanations around data security protocols and the impact on officer safety.”
Political leaders and police representatives in the region are grappling with the security and financial implications of errors that could expose officers, including those who work undercover, to terrorist intimidation and attack.
Officers were frightened and their friends and family were in “jeopardy”, said Naomi Long, the leader of the Alliance party, who served as justice minister from 2020 to 2022.
She said it would be all but impossible to eradicate the digital footprint of the data breach, which gave the rank and grade data of all employees at the PSNI, including surnames, initials and what department they worked in.
After the initial breach, Kelly said many officers went to great lengths to shield their identities, in some cases not telling friends and associates that they were in the police. “I’ve been personally inundated with officers who are outlining that they are shocked, dismayed and basically angry that this has happened,” he said.
Kelly said the federation would consider legal action once the police investigation into what has been categorised as a critical incident concluded. “The trust of our officers is broken by this.”
Some officers in sensitive roles might need to change posts and move home, he told the Irish broadcaster RTÉ. “At the very top end of the spectrum, we could have officers who potentially may have to relocate – not only from their workplace, but from their home address – if their information has gone into the hands of people who intend to cause them harm.”
Gerry Kelly, a Sinn Féin assembly member, said the data breach could put lives in danger. Chris Heaton-Harris, the Northern Ireland secretary, also expressed deep concern.
Earlier this week the UK election watchdog also had a serious data breach.
The PSNI blamed human error for releasing an Excel spreadsheet – in response to a freedom of information request – that was published on an FoI website called WhatDoTheyKnow on Tuesday at about 2.30pm. The spreadsheet did not give home addresses. It was removed about two hours later, after police discovered the mistake. Todd apologised and said the error was unacceptable.
An emergency meeting of the Policing Board of Northern Ireland, which oversees the force, is to be held on Thursday. Tom Kelly, a former board member, called on the chief constable to resign. Mike Nesbitt, the Ulster Unionist representative on the board, counselled against “knee-jerk” reaction.
During the Troubles, republican and at times loyalist paramilitaries targeted members of the Royal Ulster Constabulary, killing more than 300. Officers sought to conceal their profession and would not, for instance, hang their uniforms out to dry.
The PSNI, which replaced the RUC, has faced a lower-level but chronic threat from dissident republicans. In February, gunmen shot and severely wounded DCI John Caldwell at a sports complex in Omagh, Co Tyrone. In March, authorities raised the terrorism threat level from substantial to severe.
