A huge data breach has happened in Northern Ireland which has led to the details of all 10,000 staff being revealed.

A data breach is a security incident where sensitive, confidential or personal information is accessed without authorisation. This could be through an accidental (or a malicious individual) disclosure, or the data being stolen. This type of attack has been around longer than the digital world as paper based records can also be breached. However, since the rise of the digital world, there is more data, and it has become more valuable. This has caused a sharp rise in the number of data breaches happening.

Accessing data via freedom of information requests

In Northern Ireland, the Freedom of information act (2000) is followed. This act covers the right of the public to see the information held by public bodies. All public bodies by law must make an accessible procedure for the general public to enquire about any aspect of the public works. There are some exceptions to the act, such as information that is withheld for public security or information being held by the Ministry of Defence.

Last week, the Police Service of Northern Ireland (PSNI) received a Freedom of Information request and in this request, they shared the names of all police and civilian personnel associated with PSNI as well as where they are based and their roles. These details were then published online. The request had asked for a breakdown of all staff ranks and grades. The information expected to be received was a list detailing the number of staff per grade, such as Constable.
The requester did receive this information as part of a spreadsheet which also contained the surnames and first name initials of more than 10,000 members of the PSNI.

The virtual and real-world threat to safety

The effect of this has caused a serious threat to the safety of many of the officers and they have all been warned that they must be extremely vigilant about their personal security following this event.
This is due to the current severe threat to PSNI officers and employees from Northern Ireland related to terrorism. Many of the officers are said to have kept their employment secret from many, including sometimes family members. This is especially apparent from members of nationalist communities.

This incident was caused by human error. Whoever fulfilled the Freedom of Information request sent the spreadsheet containing all of the information. A simple human error has caused a huge increase in the personal safety of more than 10,000 individuals.

The importance of safety controls

Prevention of this breach was entirely possible with further controls, both human and technical.
Every business needs to understand where personal information is stored, who has access to it and how much of it can be exported. This attack could likely have been avoided if the technical controls were different and the data had been blocked from being exported in the first place.

Is your data secure? Do your staff understand the risk they are to your business’s security? Stay Cyber Wise and contact us today to see how we can help you put safety controls in place for your business.