10,000 N Ireland police officers and staff have their details exposed after spreadsheet screw-up

10,000 N Ireland police officers and staff have their details exposed after spreadsheet screw-up

Earlier this week, the details of all 10,000 staff at the Police Service of Northern Ireland (PSNI) were exposed after a spreadsheet containing the data was mistakenly published online.

The spreadsheet, which had been created in response to a Freedom of Information (FOI) request, revealed the surname, initial, rank or grade, and location of all PSNI employees.

In addition, the spreadsheet described what department individuals worked in. Perhaps less scary if it’s human resources or accounts, but alarming if you worked in an area such as intelligence or surveillance.

Sign up to our free newsletter.
Security news, advice, and tips.

The routine FOI request had only requested information about the total number of officers and staff at all ranks and grades across the PSNI. And yet, an employee accidentally included far far too much information – presumably through a cock-up, rather than with malicious intent.

The data breach has raised fears for officers’ and staff’s personal safety. Hundreds of police officers in Northern Ireland were murdered during The Troubles, and some are still under threat from paramilitaries.

If you’re working for the police service in Northern Ireland, you’re unlikely to be shouting from the rooftops where you work each day – in fact, it’s possible there are members of your own family who don’t know what you do for living.

The sensitive information was accessible for anyone who accessed the “What Do They Know” website for more than two hours on Tuesday afternoon.

In a statement published on its website, the PSNI has said it is investigating the data breach, and has asked that anyone who did access the spreadsheet delete it immediately.

The PSNI has informed the Information Commissioner’s Office of the incident. In a press conference, PSNI chief constable Simon Byrne described the breach of data as an “unprecedented crisis” for the force, but says he will not be resigning.

There have been unconfirmed claims that the sensitive data has been circulating on WhatsApp.

What a mess…

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.