The Suffolk Police force has suffered a data breach that led to information about sexual assault victims being posted online. The county’s police and crime commissioner has apologised.
Hundreds of victims had their names, addresses, dates of birth and details of the alleged sexual offences committed published on the force website, according to the East Anglia Daily Times, which first reported the story.
Suffolk Police data breach
The information was apparently only online for a short period of time, however this would be long enough to “put women at risk of further violence,” the Suffolk Rape Crisis organisation said.
“Survivors of sexual violence who have reported to the police are entitled to lifetime anonymity,” the charity said.
A Suffolk Constabulary spokesperson said: “Suffolk Police were made aware that some personal information, which should not have been uploaded, could be accessed by the constabulary website,” they explained. “This matter was quickly resolved and the information can no longer be accessed. We take our obligations under the data protection act very seriously.”
It is currently unknown how the information ended up on a public-facing website. Suffolk Police has launched an inquiry and reported the incident to data watchdog the Information Commissioner’s Office.
Suffolk’s police and crime commissioner Tim Passmore has issued an “unreserved apology” for the breach. He said in a statement to BBC Radio Suffolk: “I want to make it clear I am extremely sorry and issue an unreserved apology for anyone who might have been affected,” he said.
“I can understand the huge concern it might have caused people who have been victims of this sort of terrible crime.”
Passmore announced he has spoken to Deputy Chief Constable Rob Jones asking him to support “anyone in distress,” as well as making sure the investigation was carried out quickly.
UK police data breaches expose citizen data
It is the latest data breach to hit the UK police. In December of last year the Police National Database, a system that contains information on millions of people, suffered a supply chain attack that saw data of UK citizens uploaded onto the dark web.
IT services provider Dacoll, which had access to the PNC, was hacked by the Russian-speaking ransomware gang Cl0p. Close-up images of drivers were lifted from the database and posted online.
The data was taken down soon after, however, leading experts to believe that the criminals had either been found by the police or the cybergang had been approached by a higher bidder for the data.
In 2020 there were over 2300 data breach incidents reported by 22 of the UK’s police forces, according to a Freedom of Information Request.
The results revealed a national average of 299 data breaches per police station in the period dating from 2016 to the first four months of 2021.