close
close

Police Ombudsman for Northern Ireland apologizes for data breach

An investigation has been launched after an “accidental” data breach led to the exposure of Police Ombudsman for Northern Ireland (PONI) employee details. The PONI data breach revealed details of more than 150 current and former employees.

PONI has contacted the Information Commissioner's Office about the data leak incident. The leaked information included the last name and first name of all employees employed by PONI as of May 2022. A document containing some of her personal information was “accidentally published.”

Details of the Police Data Breach Ombudsman in Northern Ireland

As Irish News reported, a spokesman for the Ombudsman confirmed that details of staff working at the high-profile watchdog in May 2022 were inadvertently passed on to 22 people who will be interviewed as part of an ongoing recruitment exercise. ”

Those who received the three-page Word document had applied for investigative positions at the ombudsman's office. According to media reports, CEO Hugh Hume informed employees about the data breach last Friday.

The document included the first names, first names, first names and last names of all employees employed at the time and was “listed by the service area or team in which they work.” The details were so extensive that the leaked details also revealed employment status – for example, part-time, agency, contract or seconded.

Information was also provided on employees who had resigned or were about to retire, were on a career break, were moving between teams or starting a new job.

The Ombudsman's Office confirmed that some first names were included in this information.

A spokesman for the office told Irish News: “The office took immediate action to contain the breach, including contacting those who received the document in error.”

“So far, 12 of the 22 people have confirmed that they have deleted the email and associated documentation.”

The spokesman added that former employees would be contacted.

“We have apologized unreservedly to our current employees for the error, which should not have happened, and are also contacting former employees whose details are included in the document,” she said.

“A total of 160 current and former employees are affected. We have notified the ICO (Information Commissioner's Office) and will appoint an independent external investigator to review the incident and make recommendations.”

Not the first data breach

According to media reports, the Police Service of Northern Ireland (PSNI) was under surveillance when partial names and other details of 10,000 PSNI staff were accidentally released in response to a Freedom of Information request.

The PSNI officers' names were online for three hours and were later removed. The published information later found its way into the hands of dissident Republicans.

It later emerged that a PSNI laptop and a PSNI notebook fell from a moving vehicle on the M2 motorway in a separate data breach.

It is understood the items fell from the roof of the car as it moved along the M2 coast outside Belfast.