The Police Service of Northern Ireland could reportedly face a hefty fine of £750k or nearly $1 Million after failing to prevent a significant data breach last summer, said UK Information Commissioner John Edwards.
The PSNI revealed after the hack last summer that the data was among other people in the hands of dissident republicans.
The police breach occurred when they disclosed information about the 9,483 PSNI policing and civilian workers on the internet in response to a Freedom of Information (FOI) request.
The PSNI may be subject to the proposed fine by the Information Commissioner's Office for failing to secure its employees' personal data. According to reports, the PSNI stated that it could not afford the fine.
The personal details supplied included the names, initials, ranks, and roles of all currently active PSNI officers and staff members. The proposed fine is preliminary to give the PSNI time to submit arguments before a final decision is made.
Additionally, Mr. Edwards disclosed that the maximum penalty of £5.6 million was at risk; however, he exercised his discretion to drastically lower the sum to prevent public funds from being diverted from areas of greatest need.
Additionally, the Service has been served with a preliminary enforcement notice by the PSNI mandating that it strengthen the security of personal data while fulfilling Freedom of Information requests.
Major UK Data Breach
The possibility of a sanction for the PSNI data breach coincides with a few weeks after an anonymous threat actor breached the Ministry of Defence in the United Kingdom, exposing the private information of the country's armed forces.
The Ministry of Defence payroll system, which was the focus of the hack, contained the names and bank account information of both active and retired military members. Personal addresses could rarely be included in the information.
The data's potential applications and the hacker's identity are unknown. The data, which is called "personal HMRC-style information," is multi-year and concerns Royal Navy, Army, and Air Force personnel who are serving or have retired.
The system was managed by an outside contractor; no operational MoD data was collected. Several sources' initial inquiries showed no evidence that any material had been deleted.
According to the Independent, Barings Law reported that it had registered over a thousand potentially impacted applicants. The hack may have affected as many as 272,000 military members.
MoD Data Breach Potential Perpetrators
When the cyberattack was made public on May 7, Defence Secretary Grant Shapps expressed regret and announced that a thorough inquiry had been started.
Amid rumors that China was the hacker, Mr. Shapps stated that "state involvement" could not be ruled out and that there was evidence of possible shortcomings on the part of the contractor running the payroll system, which might have made it simpler for the hostile actor to obtain access.
A representative for the Chinese embassy stated earlier this month that allegations Beijing was responsible for the attack were maliciously slanderous and entirely untrue.
(Photo: Tech Times)
