And it wasn’t a minor accident on their behalf either; approximately 9,500 staff and officer’s information was released such as their full names, where they work, what rank they are in, and other sensitive information.
I don’t know about you, but having my full name + where I work leaked isn’t too glamourous, especially if you’re a police officer.
So how did the breach actually happen?
Well, under the Freedom of Information Act 2000, any regular public citizen can request the basic information (name, badge, rank) of any public staff - police officers, politicians, etc…
A simple request came into the PSNI asking if they could have the total tally of each officer at each rank.
And this is where the mistake lies.
Instead of sending a tally, the PSNI sent the entire source data in an excel sheet of every bit of information, for every officer and staff member.
Whoever asked, received, was in shock, and posted it on website that discusses the information of public staff.
It was only taken down 2.5 hours after it was posted but it may come as no surprise, the information was being spread everywhere.
And the worst part of it all?
£750,000 is their fine. What about the collective thousands of police officers suing for damage?
£240 million.
A.K.A $305 million USD.
I bet if they hired cybersecurity staff for even a fraction of that $305 million, this situation would have been avoided. Goes to show that maybe security staff is a bit more important than one would think?
Clear-Cut Definitions
Source Data: