Northern Ireland police faces £750k fine after exposing staff info
The United Kingdom's Information Commissioner Office (ICO) intends to impose a fine of £750,000 ($954,000) on the Police Service of Northern Ireland (PSNI) for exposing the entire workforce's personal details by mistakenly publishing a spreadsheet online.
PSNI disclosed the incident on August 8, 2023, when the police force warned that a mistake occurred during a response to a Freedom of Information (FOI) Request, exposing the following data about 9,483 active officers and staff:
- Surnames
- Initials
- Ranks
- Roles
- Locations
According to the ICO's assessment, the incident put exposed individuals at grave physical risk, resulted from poor data security from PSNI, and was deemed entirely preventable.
"We have announced we intend to fine the Police Service of Northern Ireland (PSNI) £750,000 for failing to protect the personal information of its entire workforce." reads the announcement.
"The proposed fine relates to an incident where personal information – including surname, initials, rank, and role of all 9,483 serving PSNI officers and staff – was included in a "hidden" tab of a spreadsheet published online in response to a freedom of information request."
"Our investigation has provisionally found the PSNI's internal procedures and sign-off protocols for the safe disclosure of information were inadequate."
ICO's investigation into the incident revealed that many were forced to move to new physical addresses, cut off communication and relations with family members to protect them from potential harm, and completely alter their daily routines.
The Commissioner noted that the proposed fine on PSNI is set much lower than the nominal provisional figure, which is £5.6 million ($7.1 million), taking into consideration that PSNI is a public organization that operates on a finite budget, providing crucial services to the community.
The ICO has also served PSNI a preliminary enforcement notice requiring the implementation of data security improvements in the handling process of FOI requests.
PSNI's response to ICO's action was positive, accepting the penalty and assuring that they are taking steps to implement all of the recommended changes.
The police force noted that throughout this time, they have supported their staff with crime prevention advice, online tools, and home visits. At the same time, 90% of the exposed offices and staff also accepted a reimbursement of £500 ($635) in December 2023.
The investigation into who holds the leaked data continues, with detectives conducting numerous searches and arrests related to the unlawful dissemination of the stolen data set.
source: BleepingComputer
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs
November 23, 2024Download: CIS Critical Security Controls v8.1
August 8, 2024Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024