The Police Ombudsman for Northern Ireland (PONI) is facing scrutiny following an "accidental" data breach that exposed the personal details of 160 current and former staff members. The breach occurred during an ongoing recruitment exercise and inadvertently revealed names and employment statuses, according to an Irish News press report.
The details of staff members working at the high-profile watchdog in May 2022 were inadvertently released to 22 interview attendants applying for investigator posts at the ombudsman’s office, who received a three-page Word document with the data.Â
The leaked document contained the initial and last name of each staff member, alongside their service area or team. Some first names were also included. More critically, employment statuses such as part-time, agency, contracted, or seconded were disclosed, along with details of staff on career breaks or those recently departed.
The breach came to light when the document was mistakenly sent to 22 candidates applying for positions at the ombudsman's office. Since the incident, 12 of these recipients have confirmed the deletion of the document and associated emails.Â
The office’s mitigation of the breach included contacting the people who mistakenly received the private document, a spokesperson for PONI stated.
Chief executive Hugh Hume notified staff members of the data breach last Friday, according to local media reports. PONI contacted the affected staff, offering apologies and detailing steps to mitigate the breach's impact.Â
Additionally, the Information Commissioner’s Office (ICO) has been notified, and an independent external investigator will be appointed to review the incident.
Accidents happen to everyone. Background check company Jerico Pictures Inc., trading as National Public Data (NPD), suffered a data breach that leaked on a hacker forum on August 6. However, it turns out another NPD data broker with shared access accidentally published the passwords to its backend database.