POLICE have revealed a massive data breach blunder exposing the personal details of more than 1,200 crime victims and witnesses.
Norfolk and Suffolk Police announced the security gaffe concerned information contained in Freedom of Information requests.
The forces said a glitch meant personal details of 1,230 crime victims and witnesses between April 2021 and March last year were accidentally included in FOI requests.
Information held on a specific police system relating to crime reports was included in the compromised data.
These included domestic incidents, sexual offences, assaults, thefts and hate crime.
Eamonn Bridger, Assistant Chief Constable of Suffolk Police, said: “We would like to apologise that this incident occurred, and we sincerely regret any concern that it may have caused the people of Norfolk and Suffolk.
“I would like to reassure the public that procedures for handling FOI requests made to Norfolk and Suffolk constabularies are subject to continuous review to ensure that all data under the constabularies’ control is properly protected.”
Tim Passmore, the police and crime commissioner for Suffolk, has also said sorry.
He said: “There has been a data breach involving some Suffolk Constabulary data – this should not have happened and I apologise that it has.
“I have requested regular updates from the Chief Constable so I can be assured everything reasonably possible is being done to put matters right.
“I will also be looking at a full review of the Constabulary’s information-sharing processes to guard against something like this ever happening again.”
The data watchdog the Information Commissioner’s Office is also now investigating.
Stephen Bonner, deputy commissioner at the ICO, said: “The potential impact of a breach like this reminds us that data protection is about people.
“It’s too soon to say what our investigation will find, but this breach – and all breaches – highlights just how important it is to have robust measures in place to protect personal information, especially when that data is so sensitive.”
Today’s admission comes a week after it was revealed a serious hack has exposed the details of up to 40million Brits to “hostile actors”.
The Electoral Commission apologised for the data breach that allowed cyber-crooks to access the names and addresses of voters.
Experts warned the breach had “all the hallmarks” of a state-sponsored attack and pointed the finger at either China or Russia.
Caroline Carruthers, CEO of global data consultancy Carruthers and Jackson, said of today’s police announcement: “This latest public sector data breach is yet another example of human error caused by a lack of proper data literacy in the public sector.
“Everyone has made a mistake at work by sending an email to the wrong person or attaching the wrong document.
“But in the public sector and especially in this case, those mistakes can lead to very real and very serious consequences for vulnerable people.
“Until the public sector recognises the importance of data literacy at all levels of their organisations, data breaches caused by mistakes like this will unfortunately continue to occur.”