The IT Nerd

The good news is that The Police Service Of Northern Ireland didn’t get pwned by hackers. But the bad news is they might as well have been. I say that because they really screwed up and accidentally published the data on all their staff creating a critical incident in the process:

The Police Service of Northern Ireland (PSNI) earlier apologised for the self-inflicted security breach after it inadvertently published the information in response to a Freedom of Information (FOI) request on Tuesday.

The breach involved the surname, initials, the rank or grade, the work location and departments of all PSNI staff, but did not involve the officers’ and civilians’ private addresses.

Alliance Party leader Naomi Long said it was a concern that a member of staff, who she understands to be “relatively junior”, had access to the sensitive data.

PSNI said its chief constable Simon Byrne is cutting his family holiday short to deal with the crisis and is expected to answer questions from politicians.

This is bad. This is very bad. Why is this bad? Here’s why:

The information, which was available online for up to three hours, revealed members of the organised crime unit, intelligence officers stationed at ports and airports, officers in the surveillance unit and almost 40 PSNI staff based at MI5’s headquarters in Holywood, the Belfast Telegraph reported.

Clearly there was no process in place to limit who has access to this data. Nor were there any checks to make sure that the data was safe to release. This is another one of those cases where heads need to roll over this because I cannot imagine what the members of this police service are going through knowing that some of their personal information is out there right now.

#EpicFail

This entry was posted on August 9, 2023 at 11:41 am and is filed under Commentary with tags Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.