Data breach: Personal information of victims, suspects, and witnesses exposed by two British police forces

Home > Industry Analysis > Content

【Summary】Two British police forces, Norfolk and Suffolk, accidentally released crime reports containing personal details of over 1,000 victims, suspects, and witnesses. The data leaks included information on domestic violence, sexual offenses, assaults, thefts, and breaches of hate laws. The police are investigating the breaches and have begun contacting those affected. This incident follows a similar data leak by the Police Service of Northern Ireland.

FutureCar Staff Aug 15, 2023 10:38 AM PT

Data breach: Personal information of victims, suspects, and witnesses exposed by two British police forces

The police services in the English counties of Norfolk and Suffolk have announced that they accidentally released crime reports containing the personal details of over 1,000 victims, suspects, and witnesses. This is the second major data breach by British law enforcement in a week. The data leaks from Norfolk and Suffolk police services affected a small percentage of responses to Freedom of Information requests for crime statistics between April 2021 and March 2022.

The leak occurred due to a technical issue that resulted in raw data being included in the files produced in response to the FOI requests. Although the data was hidden, it should not have been included. The leaked data contained personal identifiable information on victims, witnesses, and suspects, as well as descriptions of crimes including domestic incidents, sexual offenses, assaults, property theft, and breaches of hate laws.

The police forces have stated that they are making strenuous efforts to determine if the leaked data has been accessed by anyone outside of policing. So far, there is no evidence to suggest that this has occurred. The forces have begun contacting the 1,230 individuals affected by the breach to inform them of the incident. The process is expected to take about seven weeks, with some cases requiring in-person contact.

The Assistant Chief Constable of Suffolk Police, Eamonn Bridger, who led the investigation, apologized on behalf of both forces and expressed regret for any concern caused by the incident. He reassured the public that procedures for handling FOI requests are continuously reviewed to ensure the proper protection of all data under the constabularies' control.

The Information Commissioner's Office, the privacy watchdog, is currently investigating the breach, as well as another incident reported in November 2022. The potential impact of this breach emphasizes the importance of robust measures to protect personal information, particularly when the data is sensitive.

This data leak follows a similar incident by the Police Service of Northern Ireland, where personnel files of its entire staff were published online due to mishandling of an FOI request. Concerns have been raised about the potential risk to police officers and their families, as the leaked information includes classified details about their involvement in surveillance and intelligence. The current terrorist threat level in Northern Ireland is "severe," indicating a high likelihood of an attack.