Commissioner calls for probe into police data breach as names and address are leaked online

Data breach
Data breach

A police data breach in which individuals’ confidential details including names and addresses were leaked online has sparked an investigation.

The information – relating to people involved in anti-social behaviour cases – appeared on a Herts Police section of a government website for a total of five days after what the force has called ‘a computer error’.

The breach – discovered by a police officer earlier this month – prompted immediate action to have the data removed and a thorough risk assessment was carried out, identifying 61 cases where individuals’ personal details had been inadvertently published.

Of these, nine were relating to Dacorum residents.

According to the county constabulary, around 25,000 reports of anti-social behaviour are received in total each year.

There have been no reports that the data was seen on police.uk by any member of the public or staff from the community safety partner agencies, but the force is contacting those affected to offer a full explanation in line with data protection guidance.

Herts police and crime commissioner David Lloyd called the breach ‘a very serious matter’ and said he is closely monitoring the constabulary’s response.

He added: “I am satisfied the police have done their utmost to limit any impact and to prevent further breaches, however, I have asked for a report on what went wrong and lessons to be learned to prevent a repeat.

“We have had great success in reducing anti-social behaviour in Hertfordshire over the last few years. Much of that can be put down to the highly effective partnership-working enabled by this case management computer system.

“It is vital that we get it right and that the public and partners can be confident in it. I am determined to make sure that continues to be the case.”

The force’s head of crime reduction and community safety Supt Andrew McCracken said: “We take the handling of data on our systems extremely seriously and we very much regret that the data breach occurred.

“Fortunately, the pages where the information appeared were accessed by very few people and we are confident that any risk to people whose information appeared on the site has been minimised.

“In our role as data controller we have referred the case ourselves to the Information Commissioner’s Office.

“We have taken immediate mitigating action and continue to ensure that any individuals affected have a point of contact within the police to support them.

“We believe that the information breach occurred as a result of a technical computer problem. A full investigation into how the breach happened is on-going and the affected webpages will remain suspended.

“The public can be confident that the details held on the system are now secure and confidential.”