Law enforcement in Northern Ireland recently woke up to an unfortunate message from their top police officer: More than 10K officers and staff members had had their personally identifiable information (PII) exposed in what their top officer described as a data leakage of “industrial scale.”
How did this happen? It turns out even law enforcement is not immune to cybersecurity risks and data leaks.
A recent data breach leaked information on the police force in Northern Ireland, a doubly tenuous situation given threats of violence against officers that have spanned nearly the past three decades. “The Troubles,” as they are known, involved threats, bombings and assassination attempts on police officers as part of the conflict. As a result, many police officers would obscure their faces, avoid displaying personal information, and sometimes use pseudonyms when carrying out their duties in sensitive or high-risk situations.
These fears echo down to this day, with many officers still choosing to hide their identities. As a result, this exposure of police PII generated some fear, especially given that these threats have not entirely abated in the twenty-five years since The Troubles’ peace agreement.
Worse still, the incident epitomizes the kind of human error from which 95% of data breaches originate.
The backstory: The Freedom of Information Act (2000) allows citizens to request copies of public information. In early August, a request came through the department, looking for details on how many staff they had across all levels of the organization. Instead of just that, the department sent back a full disclosure of surnames, initials, departments and unit assignments, and more on everyone in the Police Service of Northern Ireland.
Everything the cops sent was published on a Freedom of Information website for two and a half hours before they realized their error.
Everyone, from the top of the organization to officers currently taking a break from the force, was included in the data leak.
This incident comes on the back of a breach from July, in which confidential police documents, a laptop and a radio were stolen.
What Does This Mean for Their Privacy?
Already, dissidents claim to have possession of this leaked PII and are allegedly circulating it on WhatsApp.
Potentially affected parties should remain on guard, and this might be a good time to refresh your incident response preparedness as well. Do you know who is continuously monitoring both your systems and the Dark Web for exposed PII? Do you know who to report to if you notice suspicious activity, or receive notification that your private data and accounts were compromised?
If you are struggling to remember your Security Awareness Training, now is a good time to brush up. Ask questions if you’re unsure where to go or what to do in an emergency. It’s better to be prepared now, so you don’t have to think twice when disaster strikes.
Stories like this just prove that nobody is safe—and everyone could accidentally leak information—even law enforcement. Cybersecurity best practices are important for EVERYONE to know, so we can all be safer online while managing private data.