News

NI police leak highlights the potentially catastrophic consequences of a data protection failure

Our specialist lawyers help our clients pursue justice and compensation following data privacy violations. We are committed to advocating for those who have suffered harm – whether financial, physical, or emotional – due to such breaches.   

We take what we do seriously and believe that organisations must be held accountable for lapses in data security. But, in our work, we often come across people who downplay the possible ramifications of a data breach. Usually because they simply do not understand the significant damage that a privacy violation can cause.  

The recent Northern Irish police data breach highlights the potentially catastrophic consequences of a data protection failure. 

What happened in this case?

The breach — which happened in August 2023 – occurred when the force erroneously uploaded the wrong Excel spreadsheet to a Freedom of Information website. The spreadsheet contained the names, bases, units, and duties of about 10,000 officers and civilian staff members. In other words, every single officer and civilian employee in the force. 

Those affected included Tactical Support Group members (who often wear balaclavas to conceal their identities), personal protection officers, plain-clothed officers involved in covert operations, and those working with MI5.  

In Northern Ireland, police face a “severe” terrorist threat level, meaning an attack is highly likely. As such, many officers go to great lengths to protect their identities, even keeping their roles a secret from relatives and close friends.  

There are concerns that the compromised data would be very useful to terrorists and the disclosure could be a “death sentence”.  While the force attempted to remove the spreadsheet, news of its publication spread quickly. According to PSNI chief constable, Simon Byrne, the information is believed to be in the hands of dissident republicans. Furthermore, documents from the leak have been posted on a wall near a Sinn Féin office in Belfast. 

Speaking to POLITICO, one officer involved in the data breach said: “Terrorists would literally kill for this information, and we gave it away.” 

Officers can take legal action against the Police Service of Northern Ireland (PSNI)

The PSNI data leak is a clear and serious breach of data protection regulations. As such, we would encourage anyone affected by the security failure to look at claiming for damages.  

Commenting on this case, our Head of Privacy & Data Litigation, Kingsley Hayes said:  

“The situation in Northern Ireland is one of the worst mass data breaches I have seen. Officer’s lives could literally be at risk due to a failing in basic data security processes. Unfortunately, while the consequences of this breach could be catastrophic, it’s certainly not a one-off.  

“Over the years, we’ve represented many clients who have suffered significant fear and distress after a data protection failure. Including where the loss of personal information has put vulnerable people at risk of violence and physical harm.  

“Data breach victims commonly experience high levels of apprehension, and in this case the worry felt by the officers and police staff must be severe. The Northern Ireland police data breach highlights why it is important not to downplay data security failures, and why we must take the impact of such violations seriously.” 

We are currently supporting officers in England & Wales to make data protection claims against the Police Federation of England & Wales (PFEW) and Equiniti 

We are also investigating a data breach at Digital ID, which could affect thousands of police officers, including those at the Met and GMP. In total, according to one senior officer, over 20,000 details – including police officers’ names and photos – are “potentially at risk” following this breach.  

Our firm is only able to help clients living in England & Wales, so we are not able to run a group action for the PSNI data breach.  

Deborah Stuttard

Share
Published by
Deborah Stuttard
1 year ago

Recent Posts

Latest Data Breach Round-Up – June 2024

In our regular update, we provide a roundup of some of the data breaches and… Read More

6 months ago

Join our MOVEit/ Zellis Data Breach Action

We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More

6 months ago

One year on – the extent of the MOVEit data hack is just becoming clear

The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More

6 months ago

Join our 23andMe Data Breach Action

We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More

6 months ago

ICO and Canadian counterpart to investigate 23andMe data breach

The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More

6 months ago

Join Our Capita Data Breach Action

We have launched a group action against Capita. Group actions can be a powerful tool… Read More

6 months ago