Investigation launched after data breach at Police Ombudsman’s office

An investigation has been initiated following a significant data breach at the Police Ombudsman for Northern Ireland (PONI) that resulted in the accidental release of personal details of 160 current and former staff members. The breach occurred when a sensitive information document was inadvertently sent to 22 individuals invited to a job interview at the Ombudsman’s office.

The leaked document, a three-page Word file, included the surnames and first initials of all staff employed at PONI in May 2022. Additionally, the document detailed the service area or team each staff member worked in and their employment status, including part-time, agency, contracted, or seconded positions. It also contained information on staff members who had resigned, were due to retire, or were on career breaks, as well as those moving between teams or recent hires.

PONI has taken immediate action to address the breach. The Information Commissioner’s Office (ICO) has been notified, and an independent external investigator will be appointed to review the incident and provide recommendations. The Ombudsman’s office has also reached out to current and former staff members affected by the breach, offering an apology and confirming that steps are being taken to mitigate the impact of the incident. Currently, 12 of the 22 individuals who received the document have confirmed that they have deleted the email and its attachments.

PONI’s chief executive, Hugh Hume, reportedly notified current staff members of the data breach on Friday, expressing deep regret over the error. “We have apologized unreservedly to our current staff for the error, which should not have happened. We are also contacting former staff whose details are included in the document,” a spokeswoman for the office said.

This incident follows a controversial data breach last year involving the Police Service of Northern Ireland (PSNI), where partial names and details of 10,000 staff members were accidentally released in response to a Freedom of Information request. That information, which included the names of PSNI officers, was online for three hours before being removed, but not before it ended up in the hands of dissident republicans. Additionally, in a separate incident, a PSNI laptop and notebook fell from a moving vehicle on the M2 motorway outside Belfast, raising further concerns about data security within Northern Ireland’s public bodies.