10,000 N Ireland police officers and staff have their details exposed after spreadsheet screw-up

10,000 N Ireland police officers and staff have their details exposed after spreadsheet screw-up

Earlier this week, the details of all 10,000 staff at the Police Service of Northern Ireland (PSNI) were exposed after a spreadsheet containing the data was mistakenly published online.

The spreadsheet, which had been created in response to a Freedom of Information (FOI) request, revealed the surname, initial, rank or grade, and location of all PSNI employees.

In addition, the spreadsheet described what department individuals worked in. Perhaps less scary if it’s human resources or accounts, but alarming if you worked in an area such as intelligence or surveillance.

Sign up to our free newsletter.
Security news, advice, and tips.

The routine FOI request had only requested information about the total number of officers and staff at all ranks and grades across the PSNI. And yet, an employee accidentally included far far too much information – presumably through a cock-up, rather than with malicious intent.

The data breach has raised fears for officers’ and staff’s personal safety. Hundreds of police officers in Northern Ireland were murdered during The Troubles, and some are still under threat from paramilitaries.

If you’re working for the police service in Northern Ireland, you’re unlikely to be shouting from the rooftops where you work each day – in fact, it’s possible there are members of your own family who don’t know what you do for living.

The sensitive information was accessible for anyone who accessed the “What Do They Know” website for more than two hours on Tuesday afternoon.

In a statement published on its website, the PSNI has said it is investigating the data breach, and has asked that anyone who did access the spreadsheet delete it immediately.

The PSNI has informed the Information Commissioner’s Office of the incident. In a press conference, PSNI chief constable Simon Byrne described the breach of data as an “unprecedented crisis” for the force, but says he will not be resigning.

There have been unconfirmed claims that the sensitive data has been circulating on WhatsApp.

What a mess…

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.