PSNI breach: is the UK taking data security seriously enough?
Accidental release of personal details of 10,000 Northern Irish police employees could have lethal consequences
It was confirmed this week that dissident republicans had obtained reams of sensitive information about the staff of the Police Service of Northern Ireland (PSNI), following a major data breach.
As a result of a botched response to a Freedom of Information request, the surname, initial, rank or grade and department of 10,000 PSNI employees was briefly published online last week. Chief Constable Simon Byrne warned the data could be used for “intimidating or targeting officers and staff”; and this week information from the breach was posted on a Belfast library wall, along with a threat. The Police Federation, which represents rank and file officers, urged them to “exercise maximum vigilance”.
Separately, analysts warned that data stolen in a cyberattack on the Electoral Commission could be used to target voters with disinformation. Data relating to some 40 million people is thought to have been compromised in the cybersecurity breach, which came to light last week, in which hackers gained access to copies of electoral registers containing the names and addresses of all registered UK voters.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
What did the papers say?
It is hard to imagine a “more serious data breach” than the leak of PSNI officers’ details, said The Daily Telegraph. A spreadsheet that included officers’ places of work and the identities of staff based with MI5 seems to have been published in response to an innocuous request about the total numbers employed by the organisation. PSNI blamed “human error”, but it seems more systemic than that. Why wasn’t the data more carefully guarded, and encrypted? Why was it so easy to publish it in error? PSNI staff are now in real danger, said the News Letter (Belfast). Republican dissidents have been “trying to kill officers for more than a decade”. This is “a blunder” that should never have happened”.
The threat posed by the hack targeting Britain’s elections watchdog is less immediate, said The Guardian. But it, too, is serious. Blamed on a “hostile actor” such as Russia, the breach happened in August 2021, but was only discovered after an “alarming” 14-month delay. Fortunately, most of the data leaked is publicly available and wouldn’t enable hackers to influence an election, said the Daily Mail. But this breach nonetheless shows that “all our democratic institutions must be constantly on their guard”.
The dark days of the Troubles, during which 302 Royal Ulster Constabulary officers were killed, are mercifully behind us, said Kate Devlin in The Independent. But the threat faced by officers of what is now the PSNI remains all too real: three officers have been killed in the 25 years since the Good Friday Agreement was signed; and in February, an attempt was made on the life of a third, Detective Chief Inspector John Caldwell, who was critically wounded. PSNI officers are still obliged to check for explosives under their cars, and often keep their occupations a secret from neighbours and even relatives.
Northern Ireland’s terror threat level had already been raised to “severe” before this fiasco, said John Mooney in The Sunday Times – meaning an attack by republican dissidents is “highly likely”. Now that information from the breach has been “shared widely”, the outlook appears worse still. There will be security reviews and office transfers: some officers will have to move house.
It has been clear for a while that the PSNI is no longer “fit for purpose”, said Andrew McQuillan in The Spectator. The force faces a £38m funding gap, its leadership is viewed with suspicion by the rank and file, and public trust in it is low. It won’t be increased by the discovery that the police cannot safely “manage an Excel spreadsheet”.
The Electoral Commission hack could also conceivably have “lethal” consequences, said Edward Lucas in The Times. In that security breach, it seems that foreign spies “ran riot” in its networks for more than a year. “The kneejerk reaction was to blame Russia.” But China may be the more likely culprit. Beijing’s hackers have been “stealing big databases for at least a decade”, and a list of 40 million voters would be very helpful in their efforts to identify British intelligence officers. It could allow them, for example, to search for people who have dropped off the public electoral roll. “Cross-check that with academic records showing who studied Chinese (or Russian or Arabic), and you are well on the way to spotlighting our spooks.”
What’s next?
The PSNI is also investigating a second data breach, in which a spreadsheet naming more than 200 staff was stolen last month. The force could face a “multimillion- pound” class action lawsuit from officers affected by last week’s leak, reports The Mail on Sunday – as well as a substantial fine from the Information Commissioner’s Office, the UK data regulator.
Separately, it has emerged that 1,230 people, including witnesses and victims of crime, have had their data leaked by Norfolk and Suffolk police forces. The forces said that the data was erroneously included in Freedom of Information responses, owing to a “technical issue”.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
Mary Poppins tour: 'humdinger' of a show kicks off at Bristol Hippodrome
The Week Recommends Stefanie Jones and Jack Chambers are 'true triple threats' as Mary and Bert in 'timeless' production
By Irenie Forshaw, The Week UK Published
-
Jaguar's stalled rebrand
In the spotlight Critics and car lovers are baffled by the luxury car company's 'complete reset'
By Abby Wilson Published
-
What the chancellor's pension megafund plans mean for your money
Rachel Reeves wants pension schemes to merge and back UK infrastructure – but is it putting your money at risk?
By Marc Shoffman, The Week UK Published
-
The Pélicot case: a horror exposed
Talking Point This case is unusually horrifying, but the misogyny that enabled is chillingly common
By The Week UK Published
-
Lucy Letby: a miscarriage of justice?
The Explainer Since Letby's conviction for killing seven babies at a neonatal unit, experts have expressed grave doubts about the case
By The Week UK Published
-
A bus stop tragedy and China's anti-Japanese rhetoric
Talking Point Suzhou attack described as the product of 'decades of hate education'
By The Week UK Published
-
Can Starmer's plan solve the prisons crisis?
Today's Big Question Releasing inmates early is 'least worst option' to tackle overcrowding, but critics say it puts public at risk
By Harriet Marsden, The Week UK Published
-
Europe's drug gangs in the spotlight
The Explainer The illegal narcotics trade is fuelling a surge in gang violence across the continent
By The Week UK Published
-
Trump hush money trial: what has the jury heard?
Today's Big Question Former loyal fixer Michael Cohen proves star witness for prosecution, but Stormy Daniels's graphic testimony could offer grounds for appeal
By Harriet Marsden, The Week UK Published
-
Italian mafia: why is murder and extortion going out of fashion?
Today's Big Question Move into tax evasion and money laundering means organised crime has 'not diminished but evolved', warns prosecutor
By The Week UK Published
-
French schools and the scourge of teenage violence
Talking Point Gabriel Attal announces 'bold' intervention to tackle rise in violent incidents
By The Week UK Published