Widespread Security Flaws Blamed for PSNI Data Breach

In August 2023, the Police Service of Northern Ireland suffered a cyber incident that resulted in 9483 police officers and civilian staff having their personal data exposed.
The breach occurred when data contained in an Excel spreadsheet was accidentally released in response to a Freedom of Information request.
This revealed the surnames and initials of current employees in the service, their rank or grade, and the location and department they work in.
An independent review of the event was requested by PSNI and the Northern Ireland Policing Board.
The team that conducted the review, led by NPCC Information Assurance lead and the Commissioner of the City of London Police, Pete O'Doherty, presented their results to PSNI and NIPB on December 11, 2023.
He added that many of the recommendations in the report may apply to many other police forces.
The investigating team added that, based on the information provided, the data breach was not the result of a credible threat being made against PSNI. The cyber incident led to the resignation of Chief Constable Simon Byrne a month later and more than 50 sickness absences.
Over 4000 PSNI employees, including civilians and police officers, are taking legal action against the force.
Top Eight Security Recommendations for PSNI

The NPCC review outlined 37 recommendations, including some that were kept private for security reasons.

1. Record strategic risks related to cyber and data value maximization and compliance, including its use in innovative technologies.
2. Ensure regular audits of data functions take place, considering cooperation with other specialists within policing or the public sector.
3. Reposition the senior information risk owner at a Deputy Chief Constable level. The SIRO should also establish a force-level Data Board, including clear terms of reference and attendance by Information Asset Owners, data business area leads, and other business areas such as digital and corporate change.
4. Consider introducing a specialist role akin to a chief data officer overseeing and coordinating data functions.
5. Review the DPO's role, carefully considering statutory requirements, reporting lines, adequate resourcing, accountability functions and risk management.
6. Document the FOI process in one standard operating procedure, streamlining and de-duplicating all associated documentation.
7. Conduct a data maturity assessment with urgency to understand the organizational position and develop a program of work, continuously improving and coordinating existing services and building new capabilities, including data governance and data ethics.
8. Consider an executive-level sponsored organizational awareness campaign, including explaining the value of FOI, the message that information security and management is everyone's job, and of the importance whilst on and off duty.

Boutcher said that a Data Board is being established, as recommended by the review.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 12 Dec 2023 15:30:12 +0000

