UK Police Data Breach Exposes Victim Information

Written by

The Norfolk and Suffolk police in the UK have confirmed the accidental exposure of personal data belonging to more than 1000 individuals, including crime victims. 

The disclosure occurred within Freedom of Information (FOI) responses issued by law enforcement agencies. According to a joint statement from the East Anglian constabularies, a “technical issue” resulted in the inclusion of raw crime report data in a “very small percentage” of FOI responses distributed between April 2021 and March 2022.

“A technical issue has led to some raw data belonging to the constabularies being included within the files produced in response to the FOI requests in question,” reads an official statement from Norfolk and Suffolk police. “The data was hidden from anyone opening the files, but it should not have been included.”

This occurrence marks the most recent data breach involving police responses to FOI requests in the UK, following the mishap on August 8, where the Police Service of Northern Ireland inadvertently unveiled sensitive information roughly 10,000 officers and staff members.

Read more about the Northern Ireland breach: Northern Ireland Police Officers Vulnerable After Data Leak

The compromised data in the Norfolk and Suffolk breach encompassed information stored within a dedicated police system, including data on crime reports, details regarding victims, witnesses and suspects, and descriptions of the criminal acts. The spectrum of offenses encompassed domestic incidents, sexual offenses, assaults, thefts and instances of hate crime.

In response to the breach, an exhaustive analysis was promptly conducted, and the affected individuals are in the process of being notified about the potential compromise of their data. The communication process is expected to conclude by the end of September.

The incident has attracted the attention of the Information Commissioner’s Office (ICO), the regulatory authority responsible for overseeing data protection. 

“We are currently investigating this breach and a separate breach reported to us in November 2022,” stated Stephen Bonner, deputy commissioner at the ICO. “In the meantime, we’ll continue to support organisations to get data protection right so that people can feel confident that their information is secure.”

Individuals concerned about their data are encouraged to seek guidance from the ICO’s official website.

Editorial image credit: Joe Kuis /

What’s hot on Infosecurity Magazine?