In a recent revelation, Cumbria Police, a British law enforcement agency, finds itself grappling with a significant data breach involving its entire workforce. The Guardian reports that the personal information, including names and salaries, of over 2,000 officers and staff members, was inadvertently made public.
This mishap, which occurred in March but only came to light recently, has led to a public apology from Cumbria Police. The breach raises concerns about data security within law enforcement agencies, echoing a similar incident involving the Police Service of Northern Ireland.
Furthermore, the breach, though not as severe as the incident with the Police Service of Northern Ireland, has triggered embarrassment for Cumbria Police. Despite its smaller size compared to larger forces, Cumbria’s accidental data leak encompassed confidential details from personnel occupying even covert and sensitive positions. The leak encompassed information from 1,304 police officers, 756 staff members, and 52 police community support officers. The compromised data included not only names and salaries but also the job positions held by each individual.
Cumbria Police attributed the breach to human error, acknowledging that the uploaded data contained sensitive information about its employees, without divulging specifics like deployment locations or personal details such as birthdates and addresses. The police force quickly removed the exposed information once the breach was detected, and every affected person was informed promptly.
The Information Commissioner’s Office (ICO) was brought into the loop, although no further actions were deemed necessary based on their review of the incident. ICO’s evaluation emphasized the importance of handling data breaches on a case-by-case basis, ensuring appropriate measures are taken to prevent future occurrences.