Northern Ireland government departments suffered close to 50 breaches since 2013

The Northern Ireland government suffered almost fifty data breaches in the past decade that compromised the sensitive personal information of millions.

A recent government report accessed by the BBC revealed that Stormont departments were targeted by threat actors almost fifty times in a period of ten years. The Department of Justice was targeted the most during this period, suffering as many as thirteen breach incidents.

The Department for Communities also suffered some “major incidents” and was breached seven times, along with the Department for Infrastructure. These breaches included loss of papers containing sensitive medical data and a member of staff inappropriately accessing their ex-partner’s benefits information, according to the BBC.

All the nine Northern Ireland government departments said that the breaches were referred to the Information Commissioner’s Office (ICO) and relevant actions were taken to ensure information was deleted.

Felicity Huston, a former government employee previously working with the commissioner for public appointments in Northern Ireland, found a working trend in the data breaches.

“The government is insisting more and more that we go online and they collect vast amounts of our data that way - the least they can do is keep it safe,” Huston said.

The Department for Communities also suffered some significant breaches such as information being left in a restaurant, the possible disclosure of a former identity, the loss of a laptop and hard-copy files containing confidential “special category information.”

The Cumbria Police also suffered a significant breach involving the personal data of its officers and staff. The security incident that took place in March this year was disclosed around August, almost 5 months later. The breach invovled accidental human error which led to the inadvertent publication of sensitive information, including the names and salaries of over 2,000 employees affiliated with the Cumbria Police Force.

Around the same time, the Police service of Northern Ireland suffered another significant breach when a spreadsheet containing the personal data of police officers was released accidentally along with a Freedom of Information (FoI) request. This raised serious concerns about the safety and security of those whose personal data was compromised during the incident and their families.

The latest figures obtained by BBC News NI show that all of the 48 data breaches recorded by Stormont departments since 2013 were referred to the Information Commissioner’s Office.

“People have the right to expect that their personal information is kept safe and handled responsibly. Organisations must have robust measures in place to protect personal information, especially when that data is sensitive,” an ICO spokesperson said.