Police accidentally release dozens of passwords in data breach – The Telegraph

Codes to safe houses, digital files of evidence and Wiltshire police computers have been leaked as investigation launched
Copy link
twitter
facebook
whatsapp
email
Copy link
twitter
facebook
whatsapp
email
Copy link
twitter
facebook
whatsapp
email
Copy link
twitter
facebook
whatsapp
email
A police force has accidentally released dozens of sensitive passwords and entry codes in a data breach, The Telegraph has learned.
These included the door codes to safe houses for victims of rape and sexual assault, codes to access systems where digital files of evidence are stored and a password for police computers.
Personal details about several police officers as well as prison staff also formed part of the leak.
Wiltshire police has launched an investigation into how the leak took place and is taking steps to address security concerns.
The document features 13 codes and 13 passwords for police systems and buildings, as well as a list of 32 general police “contacts” which gives a mixture of phone numbers and email addresses for key individuals.
Details of prison officers working at HMP Erlestoke, HMP Winchester and HMP Isle of Wight were leaked.
A source familiar with the breach said: “If this fell into the wrong hands, this could put lots of vulnerable people at risk. It could also lead to evidence being tampered with and cases collapsing. They need to make sure this does not happen again.”
This is the latest scandal involving a data breach by the police. Earlier this year the Police Federation paid out £15m to 19,000 current and former officers who had their personal details compromised and stolen by cyber criminals.
Two huge attacks exposed the home addresses of some officers to hackers six years ago, and in March 2022 the federation admitted a breach of the requirements under the GDPR to have appropriate technical and organisational measures in place.
In 2023, a report found that the biggest data breach in the history of UK policing, which saw the personal details of almost 10,000 Police Service of Northern Ireland (PSNI) officers published online, was missed by six officials.
The surnames, initials, ranks and units where the officers and staff worked ended up in the hands of dissident republicans after being mistakenly published online following a Freedom of Information request in August.
It was initially thought the blunder was the result of “simple human error”, but an independent review into the data breach found that six people missed the mistake before the data was eventually published.
Georgina Halford-Hall, the chief executive of Whistleblowers UK, said: “We are living in an age when confidence in our police forces has never been lower. A careless disclosure of sensitive personal and confidential information that impacts security is more than embarrassing – it could be catastrophic.”
She added that the leak has the potential to “put the safety of police and prison officers and the public at risk not just of accessing police officer’s personal data but it could allow criminals to break into systems and tamper with evidence, discover the location of witnesses or victims of crime”.
Mrs Halford-Hall added: “We would like a commitment from the chief constable of Wiltshire police that the police will fix the internal data security problems and a guarantee that it will not go hunting the whistleblowers.”
A spokesman for Wiltshire police said: “We have launched an investigation to understand the circumstances surrounding a suspected leak of information. We will be taking appropriate actions to address any security concerns.”
Copy link
twitter
facebook
whatsapp
email

source
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.