Personal information of victims of crime and witnesses released in police data breach

Technology

Two police forces have admitted breaching the data of 1,230 people – including victims of crime and witnesses.

Norfolk and Suffolk constabularies said a “technical issue” led to raw data being included within files produced in response to Freedom of Information (FOI) requests about crime statistics.

It included information related to crime reports for a range of offences, including domestic incidents, sexual offences, assaults, thefts and hate crime.

In a joint statement, the constabularies said the data was hidden from anyone opening the files.

However, they admitted it should not have been included in the responses, which were issued between April 2021 and March 2022.

They said “strenuous efforts” had been made to determine if the data released had been accessed by anyone outside policing.

“At this stage, we have found nothing to suggest that this is the case,” the constabularies said in their statement.

Assistant Chief Constable of Suffolk Police, Eamonn Bridger, said: “We would like to apologise that this incident occurred, and we sincerely regret any concern that it may have caused the people of Norfolk and Suffolk.

Read more:
Northern Ireland police data breach: Why is the leak so serious?
BA, BBC and Boots hit by cyber security breach

“I would like to reassure the public that procedures for handling FOI requests made to Norfolk and Suffolk constabularies are subject to continuous review to ensure that all data under the constabularies’ control is properly protected.”

The forces said they will notify all 1,230 people whose data has been breached.

This will be done via a letter, over the phone, or, in some cases, face-to-face, depending on “what information was impacted and what support is required”

Officers expect this process to be completed by the end of September this year.

“If members of the public are not contacted by the constabularies, they do not need to take any action,” the forces said in a statement.

It comes just days after a separate data breach incident, involving The Police Service of Northern Ireland (PSNI).

The force apologised earlier this month for a self-inflicted security breach after it inadvertently published the surname, initials, the rank or grade, the work location and departments of all PSNI staff in response to an FOI request.

It also revealed members of the organised crime unit, intelligence officers stationed at ports and airports, officers in the surveillance unit and almost 40 PSNI staff based at MI5’s headquarters in Holywood, the Belfast Telegraph reported.

The data was potentially visible to the public for between two-and-a-half to three hours.

Products You May Like