Human error and attacks orchestrated by cybercriminals have resulted in thousands of data breaches within UK police stations since 2016 FOI responses highlighted Lancashire Police as the station with the most instances of compromised sensitive information The Metropolitan Police recorded zero data breaches since 2016 In 2020 alone, 22 police stations reported 2386 occasions in which private documents were accessed by an unauthorised person
Technology has seen millions of businesses across the globe retire their filing cabinets, and slowly but surely, transition to online only. Gone are the days of desks swamped with huge piles of paper and libraries of folders from previous financial years. Big names like Google and Microsoft have curated a seamless service, which businesses can use to store all of their important documents. They’ve really proven their worth over the last year, as many businesses have had their staff members collaborating on documents remotely. They’re even used by government institutions, as they often rely upon these online services to manage their files.
As technology has advanced, so have the criminal attacks on our privacy
Back when we used to use pens and paper, we could lock sensitive documents away under a physical lock and key. But, as we’ve moved our businesses online, protecting these private pages has become more difficult. It’s not as simple as putting password protections to keep beady eyes at bay. Firewalls, encryption software, VPNs, password rotation policies, and authentication keys are ways to stall hackers, but it can be tough to utilize them to their full potential. In fact, over the years, huge companies have fallen foul to cybercriminals. Back in 2016, Tesco saw £2.6m stolen from its customers, after over 10,000 online banking accounts were hacked. This resulted in huge financial losses for both customers and Tesco. The supermarket chain was ordered to pay a £16.5m fine by the Financial Conduct Authority, and had to reimburse all of its customers. More recently, beauty retailer and pharmacy chain Boots, faced a potential breach of around 150,000 customer’s information. They were forced to suspend loyalty card payments after hackers tried to steal passwords to accounts.
Cybercrime and data leaks also affect public organizations
It’s not just private companies that can be subject to serious data breaches. Government bodies are just as vulnerable to highly skilled hackers, sometimes backed by foreign governments, ready to steal whatever information they can. Even the police are at risk. They hold plenty of personal information on many members of their local community, in complex and extensive files online. It’s not just cybercriminals who put the police’s data at risk. Human error plays a huge part too, the wrong contact information can be accidentally included. Occasionally, wrong files will be sent out to the wrong person, breaching data protection. So, with so many ways for sensitive data to be compromised, how often does it actually happen? We submitted Freedom of Information (FOI) requests to find out. We asked 45 police stations across the UK how many data breaches they had experienced. To narrow it down, we asked the stations to break it down from 2016 to 2020, as well as any breaches they’d experienced in the first four months of 2021. Of all police stations contacted, 31 have got back to us, and the results are shocking.
2020 Data Breaches
Whilst we wanted to reveal the overall figures since 2016, we also wanted to take a closer look at the more recent experiences of police stations across the UK. In 2020 alone, there were 2386 data breaches recorded by 22 police stations.
In the table below, we have listed all of the police stations that told us they experienced data breaches in 2020. Additionally, three police stations shared their information broken into financial years. Hampshire Constabulary experienced one data breach in the past financial year, Thames Valley Police four, and Cheshire Constabulary recorded 289 data breaches during the last financial year.
Most breaches overall from 2016 to 2020
The FOI results show that the national average is 299 data breaches per police station from 2016 up to 2021. The Lancashire Constabulary is the ‘worst’ station in the UK for data breaches. They revealed that they had to deal with 1300 breaches of data in their files. Cheshire Constabulary experienced a similar amount of issues, they recorded 1193 data breaches overall. The Sussex Police force had 980 times incidents of sensitive information being exposed. The Police of Northern Ireland also recorded a higher than average number of data breaches over the time period. Their FOI response revealed that the force had to deal with 928 instances of private documents being breached by potential hackers. Other stations that revealed they have experienced more than the average numbers of breaches include Humberside Police with 534, Avon and Somerset Constabulary with 481, Durham Constabulary with 443, and the West Midlands Police with 364.
Police stations with most breaches in a single year
Whilst some stations suffered large numbers of data breaches on average over the years, some precincts found specific years more challenging instead. The FOI request results revealed that Lancashire Constabulary experienced the largest number of breaches in a single year. The force recorded 594 occasions of private files being compromised in the year 2020. Sussex Police landed in the middle, with 334 data breaches in the year 2020. Following closely behind were Cheshire Constabulary, with 327 data breaches in 2019 and Humberside Police with 239 in 2019.
Police stations with the least breaches
Some local police departments managed to keep their number of data breaches to a minimum over the last five years. Responding to our FOI request, five stations recorded under ten instances in which their sensitive information was compromised. Devon and Cornwall Constabulary told us that there were five data breaches over the last five years. We broke it down and found that there were three instances of data breaches in 2019, and two in 2020. The same amount of data breaches were recorded by Northumbria Police, as just five accounts of sensitive information being compromised were recorded. Three in 2019, one in 2018 and one in 2017. Similar numbers were reported from the Warwickshire Police, with three in 2019 and two in 2020. However, in their response to our FOI, Warwickshire Police stated that for 2016, 2017 and 2018 there were no records available. This was because during those years, the station was managed by the Alliance Information Compliance Unit at West Mercia Police. The FOI request also revealed that South Yorkshire Police reported three occasions when their private files were breached in 2019, and two occasions in 2020. Further North, Police Scotland had similar experiences with hackers threatening their cybersecurity. The Scottish police informed us that they had experienced four reportable data breaches over the last five years. One in 2018, two in 2019 and one in 2020.
Zero breaches
Despite stations across the country suffering from high numbers of data breaches throughout the years from 2016, some police stations have managed to avoid breaches altogether. Two precincts responded to the FOI, informing us that they have had zero data breaches from the years 2016 to 2020. The capital’s police force, the Metropolitan Police, was one of the most notable forces that reported having no data breaches whatsoever. Officers at the Dorset Police station also responded to our FOI request, stating that they had not suffered from a single data breach in the last five years!
2021 breaches
Our FOI request also revealed an insight into what kind of encounters police stations have experienced in the year 2021 so far. Whilst some police forces could not provide the data, Warwickshire Police informed us that they were yet to deal with any cyber criminals trying to access their data. However, the same can’t be said for other stations in the UK. Some police stations have already suffered data breaches with the Sussex Police recording 62 breaches, West Midlands with 37, North Wales with 24 and Wiltshire Constabulary with 12. Police stations that informed us they already experienced data breaches this year
Keeping data secure in this day and era
To minimize the chances of data breaches occurring, there are several precautions that can be taken. These include:
Encrypting any files you don’t want prying eyes to see. Investing in a strong firewall and solid antivirus to prevent any unauthorized people from accessing your sensitive information. Usage of a VPN, short for Virtual Private Network. It creates a secure connection between you and the internet. VPNs keep your data encrypted and prevent cybercriminals from intercepting your internet traffic, which comes in particularly handy when using compromised wifi networks. A VPN will also hide your IP address, keeping you completely anonymous. Applying multifactor authentication.