Police Error Exposes Personal Data Of Crime Victims

Uploaded on 2023-08-19 in GOVERNMENT-Law Enforcement, FREE TO VIEW

Personal data and other information about and relating to victims of crime, witnesses and suspects has been mistakenly released by two police forces in their responses to freedom of information (FOI) requests. 

The Norfolk and Suffolk police force constabularies in England have said that they have mishandled and mistakenly released the sensitive data of victims, witnesses and suspects in cases including domestic abuse incidents, sexual offences, assaults, thefts and hate crime.

The police forces said the data of 1,230 people was included in files responding to freedom of information requests and has apologised.

The Information Commissioner’s Office said both forces had been placed under formal investigation, which could result in them facing fines. In a statement the forces said there was no evidence anyone had clicked on links to read the files.

It is the latest data disaster to hit policing, with blunders being admitted in the last week by the Northern Ireland police service the most serious, which has left officers fearing for their lives.

In a statement, police said: “Norfolk and Suffolk constabularies have identified an issue relating to a very small percentage of responses to freedom of information (FoI) requests for crime statistics, issued between April 2021 and March 2022. “A technical issue has led to some raw data belonging to the constabularies being included within the files produced in response to the FoI requests in question. The data was hidden from anyone opening the files, but it should not have been included... The data impacted was information held on a specific police system and related to crime reports. The data includes personal identifiable information on victims, witnesses and suspects, as well as descriptions of offences. It related to a range of offences, including domestic incidents, sexual offences, assaults, thefts and hate crime.”

Police said 1,230 people were affected and would be contacted by September. A specialist team of officers and staff have been diverted from their normal duties to deal with the data blunder and the fallout.

Assistant Chief Constable of Suffolk Police, Eamonn Bridger, who led the investigation on behalf of both forces, said “We would like to apologise that this incident occurred, and we sincerely regret any concern that it may have caused the people of Norfolk and Suffolk.

Alistair Carmichael MP, Liberal Democrats’ home affairs spokesperson, called on home secretary Suella Braverman to conduct an urgent review of data handling across all police forces. “Two data breaches in less than two months is simply unacceptable,” he said. “These errors can have chilling real-life consequences, and it’s disturbing to think that it is becoming routine.”

Any victims of the data breach will be contacted via letter, phone, and in some cases, face-to-face depending upon what information was impacted and what support is required. 

Suffolk Police:    ITV:    Independent:    Telegraph:   Guardian:    Politico:   Image: Kings Church Inetrnational

You Might Also Read: 

Human Error Is A Hacker's Dream:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« How SMEs Can Achieve Cyber Resilience
US Military Offers A Reward To Satellite Hackers »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

The Josef Group (TJG)

The Josef Group (TJG)

The Josef Group Inc. is a certified woman-owned permanent staffing agency specializing in Information Technology, Engineering, and US Government "cleared" IT candidates.

Evidian

Evidian

Evidian, a Bull Group company, is the European leader and one of the major worldwide vendors of identity and access management software.

Federal Office For Information Security (BSI) - Germany

Federal Office For Information Security (BSI) - Germany

The BSI (Bundesamt fur Sicherheit in der Informationstechnik) is the federal cyber security agency and the chief architect of secure digitalisation in Germany.

Cybercom Group

Cybercom Group

Cybercom offers strategic advice, testing & quality assurance, security solutions, system development, integration, management and operation services.

ClickDatos

ClickDatos

ClickDatos specializes in consulting, auditing, data protection training, accredited by ISO/IEC 27001 certification.

Hellenic Accreditation System (ESYD)

Hellenic Accreditation System (ESYD)

ESYD is the national accreditation body for Greece. The directory of members provides details of organisations offering certification services for ISO 27001.

Angoka

Angoka

Angoka provide hardware-based solutions for managing the cybersecurity risks inherent in machine-to-machine communication networks.

Avertium

Avertium

Avertium is the managed security and consulting provider that companies turn to when they want more than check-the-box cybersecurity.

EYE Security

EYE Security

EYE provides enterprise-grade cyber security services and cyber insurance to SMEs in Europe, Cyber Incident Response and strategic advice in board rooms.

Netlinkz

Netlinkz

Netlinkz has developed the Virtual Secure Network (VSN) overlay technology platform, a breakthrough in connectivity security, speed, and simplicity.

Cynalytica

Cynalytica

Cynalytica deliver pioneering cybersecurity and machine analytics technologies that help protect critical infrastructure, securely enable Industry 4.0 and help accelerate digital transformation.

RKVST

RKVST

RKVST is a powerful tool that builds trust in multi-party processes when it’s critical to have high assurance in data for confident decisions.

Wadilona Cyber Securities

Wadilona Cyber Securities

Wadilona Cyber Securities' sole aim is to bring and secure Information and Communications Technology (ICT) to and work for humans in its simplest terms.

Communications Fraud Control Association (CFCA)

Communications Fraud Control Association (CFCA)

CFCA is the premier International Association for fraud risk management, fraud prevention and profitability control.

ERCOM

ERCOM

Ercom, a subsidiary of the Thales Group, is a French company known for its mobility security solutions.

Pixel Concepts

Pixel Concepts