Man arrested in Northern Ireland police data leak as more incidents come to light
Plus laptop and radio with yet more officers details reportedly nicked from car
A man was arrested in Northern Ireland for suspected Collection of Terrorist Information following an incident where police mistakenly leaked details that identified 10,000 serving officers, but he has now been released on bail.
The information was leaked when police posted a spreadsheet online listing the surnames and initials of 10,000 serving officers in the Police Service of Northern Ireland (PSNI), plus civilian staff members. The info had been published in error in response to a Freedom of Information (FoI) request, according to the PSNI.
The force has now said that a 39-year-old man was arrested on suspicion of Collection of Information likely to be useful to Terrorists, following a search in Lurgan, County Armagh, on August 16.
This offence appears to date to the Terrorism Act 2000, which states that a person commits an offence if they collect or make a record of "information of a kind likely to be useful to a person committing or preparing an act of terrorism." It includes viewing, or otherwise accessing by means of the internet, a document or record containing information of that kind.
The unnamed man was questioned by detectives who were said to be "investigating criminality linked to last week's freedom of information data breach," but has now been released on bail to allow for further inquiries, the PSNI informed us.
However, the force declined to say if the arrested man was known or suspected to have any links with terrorist organizations.
In a statement, Detective Chief Superintendent Andy Hill said the force was "working tirelessly" to address the risk posed to officers and staff following the data leak, and that the arrest was just one piece of a large scale operation.
"We will continue in our efforts to disrupt criminal activity associated with this freedom of information data breach and to keep communities, and our officers and staff who serve them, safe," he added.
PSNI Chief Constable Simon Byrne had already stated he was confident that dissident republican groups, which have a history of targeting police officers, had obtained access to the data, which listed the rank or grade of all police staff, plus the location where they worked and in which department.
Details of a further data leak were also disclosed after the news of the spreadsheet became public. According to the BBC, documents plus a police issue laptop and radio were said to have been stolen from a private vehicle in the Newtownabbey area of County Antrim on July 6. The documents were understood to list details of 200 officers and staff.
Earlier this week, it was revealed that Cumbria Constabulary had inadvertently published the names and salaries of all its officers and staff online earlier this year. Cumbria cops said the information was removed as soon as its publication was discovered, but did not indicate how long it had been online.
Also this week, Norfolk and Suffolk constabularies disclosed that information relating to 1,230 people had inadvertently been included in responses to some FOI requests for crime statistics issued between April 2021 and March 2022.
- You're not seeing double – yet another UK copshop is confessing to a data leak
- Cumbrian Police accidentally publish all officers' details online
- Electoral Commission had internet-facing server with unpatched vuln
- Northern Ireland police may have endangered its own officers by posting details online in error
The data included personal identifiable information on victims, witnesses, and suspects, as well as descriptions of offences. The force said the data in question was hidden from anyone opening the files, but it should not have been included.
It appears that the UK's data watchdog, the Information Commissioner's Office, is likely to be very busy investigating all of the recent data exposure incidents. PSNI Chief constable Byrne had already said he was working on the assumption that his force would be liable to penalties from the ICO or from officers bringing legal claims about the disclosure of their personal data. ®