Northern Irish cops release 2 men after Terrorism Act arrests linked to data breach

Nearly four weeks after the Police Service of Northern Ireland (PSNI) published data on 10,000 employees in a botched response to a Freedom of Information request, another two men, aged 21 and 22, have been released on bail after being arrested under the Terrorism Act.

The pair were arrested on Saturday September 2 in Portadown, County Armagh, bringing total arrests in the case to four. The arrests were linked to an investigation into the freedom of information data breach on August 8th, PSNI confirmed this morning.

Detective Chief Superintendent Andy Hill said the force is continuing "to work toward establishing those who possess information relating to the data breach."

The breach was one of the department's own making. On August 8, it mistakenly published a spreadsheet with the details of every serving Northern Ireland police officer online in response to a Freedom of Information (FoI) request at the beginning of August.

The data spilled included the surnames and initials of serving officers and civilian staff members, plus a listing of officers' rank or grade, details on their location, and the department in which they work. Although the information was removed several hours after it was posted, it could potentially endanger the safety of officers, given the volatile politics of the region. The ethno-nationalist conflict raged for decades, with sectarian violence dying down – and paramilitaries laying down arms – after the signing of the Good Friday Agreement in 1998, but strong feelings and occasional outbreaks of violence persist.

Both serving and recently retired officers say they face continuing threat from paramilitaries, with several telling the BBC shortly after the breach that they're "always looking over their shoulder."

On Friday night, Assistant Chief Constable Chris Todd said that a poster "claiming to contain details of three serving officers" had been placed near a bus shelter on Chapel Road in Dungiven, a small town in County Londonderry, on Thursday, August 31. Todd said: "This was a clear attempt to intimidate police officers, staff and their families, but police can confirm that the information contained on the poster is incorrect." Cops are asking anyone who was driving in the area on Thursday night with a dashcam to come forward with footage. Detectives investigating the placing of a poster have made two arrests, the PSNI told The Reg.

The FoI disclosure log is currently unavailable due to PSNI's ongoing review following the data breach. We've asked PSNI when requests can once again be made.

Altogether four arrests have been made in relation to the mistaken release of the FoI data so far. These include the August 16 arrest of a 39-year-old, nabbed on suspicion of collection of information likely to be useful to terrorists. He was later released on bail.

• More UK cops' names and photos exposed in supplier breach
• Man arrested in Northern Ireland police data leak as more incidents come to light
• You're not seeing double – yet another UK copshop is confessing to a data leak
• Electoral Commission had internet-facing server with unpatched vuln

Two days later, a 50-year-old man was arrested and has been been charged with Terrorism Act offences. He appeared in Coleraine Magistrates Court on Monday 21st August, police said, adding: "As is normal procedure, all charges will be reviewed by the Public Prosecution Service."

The Terrorism Act 2000 states that a person commits an offence if they collect or make a record of "information of a kind likely to be useful to a person committing or preparing an act of terrorism." It includes viewing, or otherwise accessing by means of the internet, a document or record containing information of that kind, so we'd assume the force's techies are sifting through server logs while others pound the pavement.

The PSNI breach kicked off a full month of UK copshop data snafus and leaks. On August 14, Cumbria police accidentally published the names, salaries, and allowances of all of its staff and officers online; and on August 15, England's Norfolk and Suffolk police admitted to exposing data. They said that due to a "technical issue," raw data about crime reports had been mistakenly included in FoI responses to crime statistic requests.

Most recently, London's Metropolitan Police said a "third-party" breach had exposed staff and officers' names, ranks, photos, vetting levels, and salary information. While the Met wouldn't reveal the identity of the supplier, according to The Sun it was an IT contractor who prints warrant cards and staff passes for the force. According to the paper, all 47,000 staff members and police officers – including senior officials, undercover and counter-terrorism cops, and officers assigned to guard the royal family – were exposed. ®