PSNI breach: is the UK taking data security seriously enough?

Accidental release of personal details of 10,000 Northern Irish police employees could have lethal consequences

Northern Ireland police
PSNI officers often keep their occupations a secret from neighbours

It was confirmed this week that dissident republicans had obtained reams of sensitive information about the staff of the Police Service of Northern Ireland (PSNI), following a major data breach.

As a result of a botched response to a Freedom of Information request, the surname, initial, rank or grade and department of 10,000 PSNI employees was briefly published online last week. Chief Constable Simon Byrne warned the data could be used for “intimidating or targeting officers and staff”; and this week information from the breach was posted on a Belfast library wall, along with a threat. The Police Federation, which represents rank and file officers, urged them to “exercise maximum vigilance”.

Separately, analysts warned that data stolen in a cyberattack on the Electoral Commission could be used to target voters with disinformation. Data relating to some 40 million people is thought to have been compromised in the cybersecurity breach, which came to light last week, in which hackers gained access to copies of electoral registers containing the names and addresses of all registered UK voters.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.


Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

What did the papers say?

It is hard to imagine a “more serious data breach” than the leak of PSNI officers’ details, said The Daily Telegraph. A spreadsheet that included officers’ places of work and the identities of staff based with MI5 seems to have been published in response to an innocuous request about the total numbers employed by the organisation. PSNI blamed “human error”, but it seems more systemic than that. Why wasn’t the data more carefully guarded, and encrypted? Why was it so easy to publish it in error? PSNI staff are now in real danger, said the News Letter (Belfast). Republican dissidents have been “trying to kill officers for more than a decade”. This is “a blunder” that should never have happened”.

The threat posed by the hack targeting Britain’s elections watchdog is less immediate, said The Guardian. But it, too, is serious. Blamed on a “hostile actor” such as Russia, the breach happened in August 2021, but was only discovered after an “alarming” 14-month delay. Fortunately, most of the data leaked is publicly available and wouldn’t enable hackers to influence an election, said the Daily Mail. But this breach nonetheless shows that “all our democratic institutions must be constantly on their guard”.

The dark days of the Troubles, during which 302 Royal Ulster Constabulary officers were killed, are mercifully behind us, said Kate Devlin in The Independent. But the threat faced by officers of what is now the PSNI remains all too real: three officers have been killed in the 25 years since the Good Friday Agreement was signed; and in February, an attempt was made on the life of a third, Detective Chief Inspector John Caldwell, who was critically wounded. PSNI officers are still obliged to check for explosives under their cars, and often keep their occupations a secret from neighbours and even relatives.

Northern Ireland’s terror threat level had already been raised to “severe” before this fiasco, said John Mooney in The Sunday Times – meaning an attack by republican dissidents is “highly likely”. Now that information from the breach has been “shared widely”, the outlook appears worse still. There will be security reviews and office transfers: some officers will have to move house.

It has been clear for a while that the PSNI is no longer “fit for purpose”, said Andrew McQuillan in The Spectator. The force faces a £38m funding gap, its leadership is viewed with suspicion by the rank and file, and public trust in it is low. It won’t be increased by the discovery that the police cannot safely “manage an Excel spreadsheet”.

The Electoral Commission hack could also conceivably have “lethal” consequences, said Edward Lucas in The Times. In that security breach, it seems that foreign spies “ran riot” in its networks for more than a year. “The kneejerk reaction was to blame Russia.” But China may be the more likely culprit. Beijing’s hackers have been “stealing big databases for at least a decade”, and a list of 40 million voters would be very helpful in their efforts to identify British intelligence officers. It could allow them, for example, to search for people who have dropped off the public electoral roll. “Cross-check that with academic records showing who studied Chinese (or Russian or Arabic), and you are well on the way to spotlighting our spooks.”

What’s next?

The PSNI is also investigating a second data breach, in which a spreadsheet naming more than 200 staff was stolen last month. The force could face a “multimillion- pound” class action lawsuit from officers affected by last week’s leak, reports The Mail on Sunday – as well as a substantial fine from the Information Commissioner’s Office, the UK data regulator.

Separately, it has emerged that 1,230 people, including witnesses and victims of crime, have had their data leaked by Norfolk and Suffolk police forces. The forces said that the data was erroneously included in Freedom of Information responses, owing to a “technical issue”.

Continue reading for free

We hope you're enjoying The Week's refreshingly open-minded journalism.

Subscribed to The Week? Register your account with the same email as your subscription.