A man has been arrested in relation to the loss of personal information of approximately 10,000 employees of the Police Service of Northern Ireland (PSNI). The suspect has now been released on bail, to allow for further police enquiries.
News of the arrest comes after the Cumbria police force became the fourth UK police force in a matter of weeks to leak confidential information online. Human error was cited as the cause of the breach.
Man arrested over data breach at the PSNI
Following last week’s data breach at the PSNI, a man was detained and questioned by detectives at Musgrave Serious Crime Unit in Belfast and later to be released on bail. The 39-year-old was arrested on Wednesday on suspicion of collecting information likely to be useful to terrorists, by detectives investigating the leak, during a search in Lurgan, County Armagh.
The data was mistakenly posted online in response to a routine Freedom of Information (FoI) request. While it was only available for a matter of hours, this was enough time for the information to fall into the wrong hands. Days after the breach was announced, a statement was released by the PSNI confirming that the workforce data had been accessed by dissident Republicans, who may use to “generate fear and uncertainty, as well as intimidating or targeting officers and staff,” according to the police force.
As reported by Tech Monitor, the data has already been used to try to intimidate a member of the Legislative Assembly (MLA) and Policing Board member Gerry Kelly. Printouts of the illicit information were posted on a wall opposite the Sinn Féin offices.
The leak has led many of those affected to worry about their safety. Some officers had chosen to keep their employment by the PSNI a secret due to political tensions in the region. “We operate in an environment, at the moment, where there is a severe threat to our colleagues from Northern Ireland-related terrorism,” assistant chief constable Chris Todd told the BBC. Up to 3,000 officers have reportedly come forward expressing interest in legal action following the breach.
Detective Chief Superintendent Andy Hill said the force is “working tirelessly to address the risk posed to officers and staff” and said the arrest was “just one piece of a large-scale operation”. Hill said: “We will continue in our efforts to disrupt criminal activity associated with this freedom of information data breach and to keep communities, and our officers and staff who serve them, safe.”
Cumbria police hit with data breach
This week Cumbria also admitted to a data breach, revealing that names, salaries and allowances of all Cumbria police force employees were posted to its website on March 6.
A spokesperson said: “Cumbria constabulary became aware of a data breach on March 6, where information about pay and allowances of every police officer and police staff role was uploaded to the Constabulary’s website, which was a human error.”
The information was removed immediately after the breach was identified. The spokesperson added that “Cumbria Constabulary immediately contacted every affected person about the data breach, explaining that the impact of this breach was low and the measures the constabulary had put in place to manage the breach and to prevent it happening again.”
The breach was referred to the Information Commissioner’s Office (ICO), which said no further action was necessary.
This comes in the same week as Norfolk and Suffolk police forces admitted to a data leak from a joint database, leading to personal information up to 1,230 employees of both constabularies being accidentally released alongside data requested as part of an FoI request.