Police confirm sex crime victims’ data leaked by Greater Manchester Police in test gone wrong

Highly sensitive data including the names and addresses of thousands of victims was accidentally leaked by Greater Manchester Police (GMP), police confirm. 

GMP is under investigation after it was reported that an anonymous whistleblower, whose information was passed to The Mill by an intermediary, accused the Force of accidentally publishing highly sensitive police data online that was intended for testing purposes.

A police spokesperson has since confirmed to the Manchester Mill that “a dataset of personal information” was compromised, and that “an internal investigation was immediately initiated and GMP has proactively referred the matter to the Information Commissioners Office (ICO).”

According to Manchester Evening News who spoke with GMP, witness and informant information was not leaked but the force admitted that historic details of sex crimes, including names and crimes, were accessible by an external contractor. 

The information could also be accessed by the public but according to GMB, “there are currently no indicators to suggest that this data has been viewed by anyone outside of the authorised teams or that the data has been extracted.”

The whilsteblower told the Mill that real data had been allegedly uploaded to a “test system” by a contractor who has not yet been named.

The breach is likely to bring more attention to the Integrated Operational Policing System (iOPS) used by the force since 2019 to carry all its data, including court case files, victim and informant details and calls from the public.

“The information was immediately taken down to ensure no further access could be gained. The possible data that could have been accessed did not include any pictures or video,” GMS said in their statement to the Mill. “The investigation is currently ongoing and further reports will be issued to the ICO as appropriate. As the investigation is still ongoing we cannot provide any further information at this stage.”


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.