An investigation has been initiated after an “accidental” data breach led to the leak of employee details of the Police Ombudsman for Northern Ireland (PONI). The PONI data breach revealed details of more than 150 current and former staff members.
PONI has contacted the Information Commissioner’s Office about the data leak incident. The leaked information included the last name and first name’s initial of all staff employed at PONI as of May 2022. A document containing some of their personal details was “inadvertently released.”
Police Ombudsman for Northern Ireland Data Breach Details
As reported by the Irish News, a spokesperson for the ombudsman confirmed that details of staff members who were working at the high-profile watchdog in May 2022 was inadvertently released to 22 people who are being invited to interview as part of an ongoing recruitment exercise.”
Those who received the three-page word document had applied for investigator posts at the ombudsman’s office. According to media reports, chief executive Hugh Hume notified staff members of the data breach last Friday.
The document contained the first name name initial and last name of all members of staff employed at the time, and were “listed by the service area or team in which they work.” The details were so extensive that the employment status was also revealed in the leaked details – for example part-time, agency, contracted or seconded.
Details of staff members who had resigned or were due to retire, were on career breaks, moving between teams or new starts, were also included.
The ombudsman’s office confirmed some first names were included in this information.
A spokesperson for the office told the Irish News, “The office has taken immediate action to mitigate the breach, including contacting those who received the document in error.
“To date, 12 of the 22 individuals have confirmed that they have deleted the email and associated documentation.”
The spokesperson added that former staff members are being contacted.
“We have apologized unreservedly to our current staff for the error which should not have happened and are also contacting former staff whose details are included in the document,” she said.
“In total 160 current and former staff are affected. We have notified the ICO (Information Commissioner’s Office) and will appoint an independent external investigator to review the incident and make recommendations.”
Not the First Data Breach
According to media reports, the Police Service of Northern Ireland (PSNI) was under the scanner when partial names and other details of 10,000 PSNI staff members were accidentally released in response to a Freedom of Information request.
The names of PSNI officers had been online for three hours which were later removed. The released information later ended up in the hands of dissident republicans.
It later emerged that a PSNI laptop and notebook fell from a moving vehicle on the M2 motorway in a separate data breach.
It is understood the items fell from the roof of the car as it made its way along the M2 foreshore, outside Belfast.