What happened in the Greater Manchester Police data breach?
The personal details of victims of crime in Greater Manchester have been put online by mistake.
The data breach affects victims of sexual abuse, witnesses and people reporting crime. According to the Force, no informant details were breached.
Thousands of people are thought to be affected.
The breach happened when a software contractor uploaded historical crime data as part of a test. This data included displays, graphs and statistics which linked to more confidential information.
The story initially came from an anonymous whistleblower, but has since been reported in the Manchester Evening News. The newspaper describes the breach as ‘very serious’ – in both size and content.
What information was breached?
The information compromised in the Greater Manchester Police data breach relates to historic incidents. With a simple click, anyone could have accessed the names of victims, and the area where the crimes took place.
Data related to ongoing incidents was not breached.
What is happening now?
The breach is under investigation by Greater Manchester Police and a separate investigation has been launched by the Information Commissioner’s Office (ICO).
There is no evidence that the information has been accessed by anyone outside Greater Manchester Police, but many victims impacted by this breach are understandably very distressed. Indeed, data breaches can cause or exacerbate anxiety, stress and other psychological conditions.
Crucially, victims of sex crimes have a legal right to remain anonymous, so this is a very serious privacy violation.
What has Greater Manchester Police said about the data breach?
Commenting on the Greater Manchester Police breach, Assistant Chief Constable Chris Sykes said:
“We are aware of a possible data breach involving a limited dataset of personal information, which was used for testing purposes by our supplier.
“An internal investigation was immediately initiated and GMP proactively referred the matter to the Information Commissioners Office (ICO).
“In line with the ICO requirements GMP recorded the breach as soon as we became aware and gave a full description of the type of data involved.
“As well as informing the ICO our other priority was to contact our supplier to ensure the information was immediately taken down to make sure no further breaches were possible.
“Although any breach of data is a risk, I want to reassure the communities of Greater Manchester that the type of data available was limited personal data and did not include any detailed information on specific incidents or crimes. It also did not include any pictures, videos or addresses.
“This was in no way a breach of our live, operational system and was a snapshot of data that was being used on a test system.
“At this time there are currently no indicators to suggest that this data has been viewed by anyone outside of the authorised teams or that the data has been extracted.
“The investigation is currently ongoing with both the ICO and GMP and further reports will be issued to the ICO as appropriate.
“As the investigation is still ongoing we cannot provide any further information at this stage.”
What can you do about the Greater Manchester Police data breach?
If your data has been put at risk in this data breach, you can make a claim with Keller Lenkner UK.
We are committed to helping those affected by data breaches and cybercrime. And we believe that something has to be done to make organisations accountable for not looking after our information correctly.
This is not the first time the police has been involved in a data breach, in 2017 Manchester police was fined £150,000 after interviews of victims of violent and sexual crimes were lost in the post.