Norfolk, Suffolk Police Confirm Data Breach

Tom Jowitt,
Linkedin
Pronto is used by 20 police forces and more than 40,000 officers across England, Wales and the Channel Islands, and could now be used by 10,000 in Scotland.

Another data breach for a UK police force, after Norfolk and Suffolk police admit victim data has been accessed

A data breach has once again struck a UK police force, after Norfolk and Suffolk police admitted that personal identifiable information on crime victims has been compromised.

In its notice about the breach, Norfolk and Suffolk police admitted “an issue relating to a very small percentage of responses to Freedom of Information (FOI) requests for crime statistics, issued between April 2021 and March 2022.”

It comes after the Police Service of Northern Island last week admitted that a FOI request had accidentally exposed the names and locations of every police officer in Northern Ireland – valuable data that has wound up in the hands of dissident republicans.

Whistleblower leak keyboard security breach © CarpathianPrince Shutterstock

Data breach

In its admission, Norfolk and Suffolk constabularies said a technical issue led to some raw data belonging to the constabularies being included within the files produced in response to the FOI requests in question.

It said the data was hidden from anyone opening the files, but it should not have been included.

The data impacted was information held on a specific police system and related to crime reports, it added. The data includes personal identifiable information on victims, witnesses, and suspects, as well as descriptions of offences.

It is related to a range of offences, including domestic incidents, sexual offences, assaults, thefts and hate crime.

Norfolk and Suffolk constabularies said it had carried out a full and thorough analysis into the data impacted and has started the process of contacting those individuals who need to be notified about an impact to their personal data, which will be completed by the end of September.

The police force said it will be notifying a total of 1,230 people whose data has been breached.

Police apology

It added that strenuous efforts have been made to determine if the data released has been accessed by anyone outside of policing. At this stage it found nothing to suggest that this was the case.

The Information Commissioner’s Office (ICO) has been notified and is being kept updated.

“We would like to apologise that this incident occurred, and we sincerely regret any concern that it may have caused the people of Norfolk and Suffolk,” said T/Assistant Chief Constable of Suffolk Police, Eamonn Bridger, who led the investigation on behalf of both forces.

“I would like to reassure the public that procedures for handling FOI requests made to Norfolk and Suffolk constabularies are subject to continuous review to ensure that all data under the constabularies’ control is properly protected,” said Bridger.