Major data breach saw personal and employment data of all PSNI officers and staff published online…

A potentially catastrophic mistake has resulted in the names of ALL police and civilian personnel, where they were based and their roles being put online.

From the BelTel:

Police officers in Northern Ireland are “shocked, dismayed and basically angry” after a major data breach saw personal and employment data published online.
The Police Service of Northern Ireland (PSNI) apologised on Tuesday after it emerged that some 10,000 officers and staff were affected.

The incident happened when the PSNI responded to a Freedom of Information request seeking the number of officers and staff of all ranks and grades across the organisation.

In the published response to this request a table was embedded which contained the rank and grade data, but also included detailed information that attached the surname, initial, location and departments for all PSNI employees.

As you can imagine PSNI staff are not best pleased:

As well as the obvious mistake of putting the data online, there should be questions asked about how many people internally in the PSNI have access to such a huge dataset.

I have worked all my life in IT and I know from experience that people are extremely complacent about data, most people do not understand IT and they ‘leave it to the techies’. I have clients give me full access to all email, files and customer data without giving it a second thought. Now I am a trustworthy sort who would never abuse that trust but you could see how people with malicious intent can quite easily gain access to massive amounts of information.

I also have a certain amount of sympathy for the poor sod who made the mistake. It is really easy in IT to attach the wrong file or not fully check the contents of a file before you send it. More than once I have taken Slugger offline with a wrong click, but obviously the repercussions of this mistake are of a considerable magnitude greater than any normal run-of-the-mill IT problems.

Also, it should be noted that the important thing is the data breaches you don’t hear about, they are a lot more common than people imagine as organisations hush them up or often they are not even aware a breach has taken place. I expect the Information Commissioner’s Office will be all over this one.

I can recommend The Checklist Manifesto to any manager looking to implement systems to reduce mistakes and errors.

 


Discover more from Slugger O'Toole

Subscribe to get the latest posts sent to your email.

We are reader supported. Donate to keep Slugger lit!

For over 20 years, Slugger has been an independent place for debate and new ideas. We have published over 40,000 posts and over one and a half million comments on the site. Each month we have over 70,000 readers. All this we have accomplished with only volunteers we have never had any paid staff.

Slugger does not receive any funding, and we respect our readers, so we will never run intrusive ads or sponsored posts. Instead, we are reader-supported. Help us keep Slugger independent by becoming a friend of Slugger. While we run a tight ship and no one gets paid to write, we need money to help us cover our costs.

If you like what we do, we are asking you to consider giving a monthly donation of any amount, or you can give a one-off donation. Any amount is appreciated.