“As a service we are acutely aware of the seriousness of this breach and have declared it to be a critical incident,” Chris Todd, the assistant chief constable of the force, said in a statement Wednesday.
This kind of data breach is especially sensitive in Northern Ireland, the only province in the United Kingdom where the terrorist threat is “severe,” meaning an attack is highly likely. Intelligence agencies raised the threat level in March, shortly after the new IRA, a small Irish republican paramilitary group, claimed responsibility for shooting and seriously wounding a senior police detective.
The Good Friday Agreement, signed in 1998, largely ended three decades of sectarian violence in Northern Ireland, but police officers can still be targeted by dissident groups. Some don’t tell friends and family about the nature of their work.
Todd told reporters in Belfast on Tuesday that the mistake was “regrettable” and “simple human error” but said there was nothing at the moment to suggest an immediate security risk to staff members.
Liam Kelly, chair of Northern Ireland’s Police Federation, which represents rank-and-file officers, called it a breach of “monumental proportions.”
“We have many colleagues who do everything possible to protect their police roles,” Kelly said in a statement. “We’re fortunate that the PSNI spreadsheet didn’t contain officer and staff home addresses, otherwise we would be facing a potentially calamitous situation.”
The information was published on the requester’s website for up to three hours on Tuesday afternoon before it was spotted and removed.
The Belfast Telegraph, alerted to the data leak by the relative of an officer, was the first to report it. The paper, which has seen the database, said it contains details such as where officers are based and what department they work for, including breakdowns on who works in the organized crime units and who is based at MI5, the domestic intelligence agency.
“Although the error was our own,” Todd told reporters, “if anybody did have access to it, I’d ask them to delete it straight away.”
In a separate incident, details of a second data breach within the Police Service of Northern Ireland emerged Wednesday. The police said they were investigating the theft of a police-issued laptop and documents that had the names of over 200 officers and staff members. They were thought to have been stolen in July from a private car.
The news of the accidental release came a day after Britain’s Electoral Commission announced that it had identified a cyberattack that gave “hostile actors” access to its systems.