View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
November 17, 2022

Suffolk Police data breach sees sexual assault victim data posted online

The force has apologised for the error and is investigating how information on victims of serious crime was made publicly available.

By Claudia Glover

The Suffolk Police force has suffered a data breach that led to information about sexual assault victims being posted online. The county’s police and crime commissioner has apologised.

Suffolk Police Data Breach
Suffolk Police accidentally published sexual assault data of hundreds of victims on its website. (Photo by tbz.foto/Shutterstock)

Hundreds of victims had their names, addresses, dates of birth and details of the alleged sexual offences committed published on the force website, according to the East Anglia Daily Times, which first reported the story.

Suffolk Police data breach

The information was apparently only online for a short period of time, however this would be long enough to “put women at risk of further violence,” the Suffolk Rape Crisis organisation said.

“Survivors of sexual violence who have reported to the police are entitled to lifetime anonymity,” the charity said.

A Suffolk Constabulary spokesperson said: “Suffolk Police were made aware that some personal information, which should not have been uploaded, could be accessed by the constabulary website,” they explained. “This matter was quickly resolved and the information can no longer be accessed. We take our obligations under the data protection act very seriously.”

It is currently unknown how the information ended up on a public-facing website. Suffolk Police has launched an inquiry and reported the incident to data watchdog the Information Commissioner’s Office.

Suffolk’s police and crime commissioner Tim Passmore has issued an “unreserved apology” for the breach. He said in a statement to BBC Radio Suffolk: “I want to make it clear I am extremely sorry and issue an unreserved apology for anyone who might have been affected,” he said. 

Content from our partners
<strong>Powering AI’s potential: turning promise into reality</strong>
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline

“I can understand the huge concern it might have caused people who have been victims of this sort of terrible crime.”

Passmore announced he has spoken to Deputy Chief Constable Rob Jones asking him to support “anyone in distress,” as well as making sure the investigation was carried out quickly. 

UK police data breaches expose citizen data

It is the latest data breach to hit the UK police. In December of last year the Police National Database, a system that contains information on millions of people, suffered a supply chain attack that saw data of UK citizens uploaded onto the dark web.

IT services provider Dacoll, which had access to the PNC, was hacked by the Russian-speaking ransomware gang Cl0p. Close-up images of drivers were lifted from the database and posted online.

The data was taken down soon after, however, leading experts to believe that the criminals had either been found by the police or the cybergang had been approached by a higher bidder for the data. 

In 2020 there were over 2300 data breach incidents reported by 22 of the UK’s police forces, according to a Freedom of Information Request.

The results revealed a national average of 299 data breaches per police station in the period dating from 2016 to the first four months of 2021.

Read more: Do police need ethics guidance on emerging technology?

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.