Police have revealed a massive data breach blunder exposing the personal details of more than 1,200 crime victims and witnesses.
Norfolk and Suffolk Police announced the security gaffe concerned information contained in Freedom of Information requests.
The forces said a glitch meant personal details of 1,230 crime victims and witnesses between April 2021 and March last year were accidentally included in FOI requests.
Information held on a specific police system relating to crime reports was included in the compromised data.
These included domestic incidents, sexual offences, assaults, thefts and hate crime.
Eamonn Bridger, Assistant Chief Constable of Suffolk Police, said: “We would like to apologise that this incident occurred, and we sincerely regret any concern that it may have caused the people of Norfolk and Suffolk.
“I would like to reassure the public that procedures for handling FOI requests made to Norfolk and Suffolk constabularies are subject to continuous review to ensure that all data under the constabularies’ control is properly protected.”
Tim Passmore, the police and crime commissioner for Suffolk, has also said sorry.
He said: “There has been a data breach involving some Suffolk Constabulary data – this should not have happened and I apologise that it has.
“I have requested regular updates from the Chief Constable so I can be assured everything reasonably possible is being done to put matters right.
The data watchdog the Information Commissioner’s Office is also now investigating.
Stephen Bonner, deputy commissioner at the ICO, said: “The potential impact of a breach like this reminds us that data protection is about people.
“It’s too soon to say what our investigation will find, but this breach – and all breaches – highlights just how important it is to have robust measures in place to protect personal information, especially when that data is so sensitive.”
The Electoral Commission apologised for the data breach that allowed cyber-crooks to access the names and addresses of voters.
Experts warned the breach had “all the hallmarks” of a state-sponsored attack and pointed the finger at either China or Russia.