Personal, identifiable information on a total of 1,230 victims, witnesses, and suspects, has been leaked due to a blunder within the UK’s Norfolk and Suffolk police forces. The leaked data included descriptions of offences, and was related to a range of offences, including domestic incidents, sexual offences, assaults, thefts and hate crime.
Norfolk and Suffolk constabularies said that the breach happened because of a “technical issue”, where some raw data was included in Freedom of Information Act (FOI) requests issued between April 2021 and March 2022.
“The data was hidden from anyone opening the files, but it should not have been included,” the forces said in a statement.
Suffolk’s second breach
The forces say that they have made “strenuous efforts” to determine if the data has been accessed by anyone outside of policing, but have ‘found nothing to suggest that this is the case”.
“We would like to apologise that this incident occurred, and we sincerely regret any concern that it may have caused the people of Norfolk and Suffolk,” said T/Assistant Chief Constable of Suffolk Police, Eamonn Bridger, who led the investigation on behalf of both forces.
“I would like to reassure the public that procedures for handling FOI requests made to Norfolk and Suffolk constabularies are subject to continuous review to ensure that all data under the constabularies’ control is properly protected.”
The leaked data included descriptions of offences, and were related to a range of offences, including domestic incidents, sexual offences, assaults, thefts and hate crime.
The Information Commissioner’s Office (ICO) is also investigating the data breach, including the earlier breach at Suffolk Police where personal details of sexual abuse victims appeared on the force’s website. Hundreds of people were affected by the breach, and the published information included victims’ names, addresses, dates of birth and details of the committed offences.
“The potential impact of a breach like this reminds us that data protection is about people,” said Stephen Bonner, Deputy Commissioner at the ICO. “It’s too soon to say what our investigation will find, but this breach – and all breaches – highlights just how important it is to have robust measures in place to protect personal information, especially when that data is so sensitive.”
Norfolk and Suffolk constabularies say that all who have been affected by this data breach will be contacted by the end of September.
Northern Ireland police data breaches
Last week, the Northern Ireland police disclosed details of a “monumental” data breach – also in connection to a FOI request. Then, data containing surnames and initials of more than 10,000 current employees of the Police Service of Northern Ireland, along with location and department information, was published online for almost three hours. The leaked data also included 40 officers based at MI5 headquarters.
A day after the breach, it also emerged that the police were investigating another data breach after a spreadsheet naming more than 200 serving officers and staff, a laptop and radio were stolen from a senior officer’s car in Newtownabbey in July.
Liam Kelly, Chair of the Police Federation for Northern Ireland, said: “This confirmation by the Service makes matters worse. Clearly, urgent answers are required. How did this happen? What steps were put in place to advise and safeguard so many colleagues?”