A substantial data breach involving sensitive documents related to vehicle seizures by the Irish National Police, known as Garda Síochána, has exposed a database containing over 500,000 records. The breach was discovered by cybersecurity researcher Jeremiah Fowler, who identified an unsecured, non-password-protected database.
Furthermore, the exposed records included details such as notices of automobile seizure, destruction notices, scanned identification documents, and insurance investigation inquiries, potentially impacting thousands of vehicle owners. This incident highlights the significance of data security, particularly in law enforcement operations, and follows a series of security breaches affecting UK police departments throughout 2023.
The exposed database contained extensive information, totaling 271.8 gigabytes in size, and included a range of documents related to the seizure and detention of vehicles by Garda Síochána. Under Irish law, vehicle owners are required to present several documents when their vehicles are seized, making the breach especially concerning for those affected. Despite initially unclear ownership of the database, further investigation revealed that a private technology contractor based in Limerick, Ireland, was responsible for the exposed data. The Garda Síochána was not directly responsible for the misconfiguration of the cloud storage repository that led to the breach.
This breach underscores the need for robust data security measures in law enforcement operations, especially considering the potential risks to individuals when their sensitive information is mishandled. It adds to a growing list of data security incidents affecting police departments, including a breach in the Police Service of Northern Ireland (PSNI) that disclosed personal information of its entire workforce and a breach involving the Metropolitan Police Force, which affected 47,000 members and exposed officers’ personal details.
Additionally, in September 2023, the Greater Manchester Police experienced a contractor data breach that impacted 8,000 officers, involving the suspected theft of warrant card details. In response to this data breach, the Irish National Police must work closely with the private technology contractor to ensure affected individuals receive proper notification and support.