Police officers have left the force and spent thousands on home security as a result of PSNI data breach


Police officers have revealed they have had to spend thousands on home security and some have even left the force as a result of a PSNI data breach.

The Information Commissioner's Office has fined the PSNI £750,000 following the data breach on August 3, 2023, when it released the personal details of all 9,483 PSNI officers and staff in a spreadsheet attached to an FOI request. These details included their surnames, initials, ranks and roles.

The force had faced a potential fine of £5.6million, with the Information Commissioner John Edwards saying that this was reduced due to the ICO's public sector approach and that any other organisation would have faced the larger penalty.

The data breach took place after the police received an FOI request asking for "the number of officers at each rank and number of staff at each grade" along with another request for a distinction between "how many are substantive / temporary / acting".

Following this, the information was gathered into an Excel spreadsheet from the PSNI's human resources management system (SAP).

As the information was analysed for disclosure, multiple other worksheets were created within the downloaded Excel file. On completion, all visible onscreen worksheet tabs were deleted from the Excel file. The original worksheet, containing the personal details, remained in the file unnoticed, and quality assurance did not pick it up.
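A pre-release check for this failure mode, as an added example that is not from the article, the PSNI or the ICO: it reads the sheet list directly from the workbook part of an .xlsx file rather than relying on the tabs shown onscreen, and blocks release if any sheet is not visible or is not on an approved list. The article does not say how the original worksheet was concealed; the `hidden` state, the sheet names and the function names here are assumptions, and the sample workbook is constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main"}

def list_sheets(xlsx_bytes):
    """Return (name, state) for every worksheet declared in xl/workbook.xml."""
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        root = ET.fromstring(zf.read("xl/workbook.xml"))
    # 'state' is optional; when absent the tab is visible.
    return [(s.get("name"), s.get("state", "visible"))
            for s in root.findall("m:sheets/m:sheet", NS)]

def disclosure_blockers(xlsx_bytes, approved):
    """Sheets that should stop release: not visible, or not on the approved list."""
    problems = []
    for name, state in list_sheets(xlsx_bytes):
        if state != "visible":
            problems.append((name, "sheet is " + state))
        elif name not in approved:
            problems.append((name, "sheet not approved for release"))
    return problems

def build_sample():
    """Constructed sample: a workbook part with one visible and one hidden sheet."""
    workbook_xml = (
        '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        '<sheets>'
        '<sheet name="Summary" sheetId="1" r:id="rId1"/>'
        '<sheet name="Source extract" sheetId="2" state="hidden" r:id="rId2"/>'
        '</sheets></workbook>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", workbook_xml)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in disclosure_blockers(build_sample(), approved={"Summary"}):
        print(f"BLOCK RELEASE: {name!r}: {reason}")
```

Exporting only the approved sheet to a fresh file, or to CSV, removes the dependency on anyone noticing a leftover sheet in the first place.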

This file was then uploaded to the website What Do They Know at 2.31pm, with the PSNI discovering the data breach after it was alerted by its own officers just after 4pm.

In the days following the breach, the PSNI said it was working on the assumption that the information was in the hands of dissident republicans and that it would be used to create fear and uncertainty and for intimidation.

In the wake of the data breach, PSNI officers and staff members were left very concerned by the risk they could be at, with a number telling the ICO that they have had to spend thousands installing security and CCTV equipment at their homes while others have said they felt like they had no other option but to leave their "dream job" due to the threat posed to them by the breach.

One person said: “Everything has culminated and become too much for me to the point that I have accepted another job outside of the police. I am essentially taking a pay cut not to mention leaving the job that I dreamed of since I was a small child and geared my whole life towards. To say I am devastated is an understatement but I feel I have no choice.”

Another said: “How has this impacted on me? I don’t sleep at night. I continually get up through the night when I hear a noise outside to check that everything is ok. I have spent over £1000 installing modern CCTV and lighting around my home, because of the exposure.”

John Edwards, UK Information Commissioner said: "It's really important that we recognise the gravity and the impact on the individuals.

"We have applied a discount right from the start, so if this had happened in a different kind of organisation, they could have been looking at a fine of £5.6 million.

"So the discount to 750 took into account what we call our public sector approach, which also includes an understanding that the police have limited resources. But it is really important for the victims that they see that we and the police take this seriously.

"We issued a notice of intention to issue an enforcement notice and we specified in that the kinds of things we would be asking them to do. They've taken the opportunity in the need into the end period, to actually proactively get on with those things.

"So we're satisfied that they've taken sufficient measures to ensure that if the same circumstances occurred, the breach would not result."

Jon Boutcher, Chief Constable Police Service of Northern Ireland, said: “Today’s confirmation that the ICO has imposed a £750,000 fine on the Police Service of Northern Ireland is regrettable, especially given the financial constraints we are currently facing. This fine will further compound the pressures the Service is facing. Although the majority of the cost (£610,000) was accounted for against the budget last year, a further £140,000 will now be charged against our budget in the current financial year.

“Following the ICO’s announcement in May that they intended to impose a fine and issue an Enforcement Notice we made representations regarding the level of the fine and the requirements in their enforcement notice. While we are extremely disappointed the ICO have not reduced the level of the fine we are pleased that they have taken the decision not to issue an Enforcement Notice. That decision is as a direct result of the police service proving to the ICO that we had implemented the changes recommended to improve the security of personal information in particular when responding to FOI requests.

“The personal testimonies above serve as a stark reminder of the impact the data loss had on our officers and staff and I know this will once again be to the forefront of their minds. As a service we are in a different place today than we were last August and we have continued to work tirelessly to devalue the compromised dataset by introducing a number of measures for officers and staff. We have provided significant crime prevention advice to our officers and staff and their families via online tools, advice clinics and home visits.

“We continue to progress the recommendations made by the ICO and also the recommendations made by the Independent Review Team who published their findings in December 2023, including the establishment of the Deputy Chief Constable as the Senior Information Risk Owner (SIRO) and the establishment of a Strategic Data Board and Data Delivery Group, ensuring that information security and data protection matters are afforded the support and attention they critically deserve.

“Work is ongoing to ensure everything that can be done is being done to mitigate any risk of such a loss occurring in the future.”
