PSNI's Failure to Prevent Data Breach Could Bring Nearly $1 Million in Fines

The fine addresses a 2023 data breach.

By

The Police Service of Northern Ireland could reportedly face a hefty fine of £750k or nearly $1 Million after failing to prevent a significant data breach last summer, said UK Information Commissioner John Edwards.

The PSNI revealed after the hack last summer that the data was among other people in the hands of dissident republicans.

The police breach occurred when they disclosed information about the 9,483 PSNI policing and civilian workers on the internet in response to a Freedom of Information (FOI) request.

The PSNI may be subject to the proposed fine by the Information Commissioner's Office for failing to secure its employees' personal data. According to reports, the PSNI stated that it could not afford the fine.

Indian Government Issues Warning for TP-Link Wi-Fi Routers Due to Serious Security Issues
Several TP-Link Wi-Fi routers are reportedly being flagged by the Indian government due to their firmware, which is vulnerable to several security issues. RoonZ nl from Unsplash

(Photo: RoonZ nl from Unsplash) Russian Government-Backed Hackers Steal Emails from US Federal Agencies Through Microsoft Accounts

The personal details supplied included the names, initials, ranks, and roles of all currently active PSNI officers and staff members. The proposed fine is preliminary to give the PSNI time to submit arguments before a final decision is made.

Additionally, Mr. Edwards disclosed that the maximum penalty of £5.6 million was at risk; however, he exercised his discretion to drastically lower the sum to prevent public funds from being diverted from areas of greatest need.

Additionally, the Service has been served with a preliminary enforcement notice by the PSNI mandating that it strengthen the security of personal data while fulfilling Freedom of Information requests.

Major UK Data Breach

The possibility of a sanction for the PSNI data breach coincides with a few weeks after an anonymous threat actor breached the Ministry of Defence in the United Kingdom, exposing the private information of the country's armed forces.

The Ministry of Defence payroll system, which was the focus of the hack, contained the names and bank account information of both active and retired military members. Personal addresses could rarely be included in the information.

The data's potential applications and the hacker's identity are unknown. The data, which is called "personal HMRC-style information," is multi-year and concerns Royal Navy, Army, and Air Force personnel who are serving or have retired.

The system was managed by an outside contractor; no operational MoD data was collected. Several sources' initial inquiries showed no evidence that any material had been deleted.

According to the Independent, Barings Law reported that it had registered over a thousand potentially impacted applicants. The hack may have affected as many as 272,000 military members.

MoD Data Breach Potential Perpetrators

When the cyberattack was made public on May 7, Defence Secretary Grant Shapps expressed regret and announced that a thorough inquiry had been started.

Amid rumors that China was the hacker, Mr. Shapps stated that "state involvement" could not be ruled out and that there was evidence of possible shortcomings on the part of the contractor running the payroll system, which might have made it simpler for the hostile actor to obtain access.

A representative for the Chinese embassy stated earlier this month that allegations Beijing was responsible for the attack were maliciously slanderous and entirely untrue.

ChatGPT Privacy Guide: Here Are Some Tips to Protect Your Data in OpenAI's Chatbot
Here are some tricks that you can do to have more privacy when using OpenAI's ChatGPT. Tech Times

(Photo: Tech Times)

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags:CybersecurityCyberattackData BreachData LeakData BreachesUKUnited Kingdom
Join the Discussion
Most Popular
Real Time Analytics