Dyfed-Powys Police hit by more than 400 data breaches in three years
DYFED-POWYS POLICE has confirmed it has experienced more than 400 data breach incidents since 2022 — with thousands of pounds paid in compensation to affected individuals.
Figures released following a Freedom of Information request by Data Breach Claims UK show that in 2022 the force recorded 104 data breaches, rising to 134 in 2023, before dropping slightly to 126 over the past year.
The incidents range from inappropriate sharing of information to misdirected emails, with 'inappropriate sharing of data' the most common cause — accounting for 114 cases. A further 75 incidents involved emails being sent to the wrong recipients.
Force statement
In response to the figures, Dyfed-Powys Police told The Herald: 'Dyfed-Powys Police takes its responsibilities in respect to data breaches very seriously. The force has processes in place for data breaches to be reported, all of which are investigated by the Data Protection Team.
'Dyfed-Powys Police follows the National Police Chiefs' Council (NPCC) guidance and reports data breaches to the Information Commissioner's Office, where they meet referral criteria. Additionally, those subject to a data breach are informed, when required, in line with NPCC guidance.
'The Data Protection Breach Policy sets out everyone's responsibilities in respect to data breaches, and the Force Information Security Policy is also available online.'
The FOI response was issued with a caveat that the figures may include duplicates, reports later found not to be breaches, or incidents caused by other organisations.
Compensation claims
Since 2022, six claims have been lodged against the force relating to data breaches, leading to a total of £6,500 in compensation being paid. The largest payout — £6,000 — was made in the 2024/25 financial year.
Bethan Simons, a solicitor at JF Law, said: 'Breaches don't always have to be complex cyberattacks. Many are caused by human error — misdirected emails, loss or theft of devices containing sensitive information, or accidental publication of data.
'Internal mishandling can also occur, such as officers accessing data without authorisation or failing to redact sensitive details. To prevent these breaches, forces must prioritise data protection measures, comprehensive staff training, encryption of devices, and strict data-sharing policies.'
National concern
A 2020 study by VPNoverview found UK police forces had suffered more than 2,000 data breaches in a single year, raising concerns about both cyberattacks and insider threats.
Data breaches within police forces can lead to victims suffering financial loss, identity theft, fraud, harassment, and severe emotional distress, as well as affecting ongoing investigations.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Western Telegraph
4 hours ago
- Western Telegraph
In court from Haverfordwest, Whitland, and Llangwm
The four defendants were accused of being threatening and abusive, speeding, and not following a court order. Their cases were heard at Llanelli Magistrates' Court. For the latest crime and court news for west Wales, you can join our Facebook group here. Here's a round-up of the cases. MARC INNES, 34, of Slade Villas in Haverfordwest, was being threatening and abusive at Withybush Hospital and spat in the back of a police vehicle and in a cell. Innes was accused of using threatening and abusive words or behaviour at Withybush Hospital on July 28 which was likely to cause harassment, alarm or distress. He was also charged with criminal damage relating to a police vehicle and a holding cell at Haverfordwest Police Station that same day. It was alleged that he spat in the rear of the police vehicle and on the floor of the cell. Innes pleaded guilty to both offences at Llanelli Magistrates' Court on July 30. He was fined £120, and was ordered to pay £85 in costs, a £48 surcharge, and £170 in compensation to Dyfed-Powys Police. ADRIAN WOOD, 55, of Hawthorn Rise in Haverfordwest, was caught speeding on the A48. Wood was clocked by a manned speed camera at Pensarn doing 81mph in a Jaguar XF on November 15. He pleaded not guilty, but was found guilty on August 1 at Llanelli Magistrates' Court. Wood was sentenced to pay a £60 fine, £650 in costs, and a £24 surcharge. He also had three points added to his licence. DION MORGAN, 27, of Market Street in Whitland, failed to adhere to a community protection notice. Despite being issued with the notice, Morgan 'behaved in a manner that caused a negative effect on persons in the locality' on July 28. It was alleged she was shouting and being aggressive, and pushed a man out of her house. She pleaded guilty to failing to comply with a community protection notice at Llanelli Magistrates' Court on July 30. Morgan was fined £80 and ordered to pay £85 in costs. KERI STOWELL, 65, of Rectory Road in Llangwm, was caught speeding in a 20mph limit by a manned speed camera. Stowell was ordered to pay a £40 fine, £120 in costs, and a £16 surcharge, and was handed three penalty points at Llanelli Magistrates' Court on August 8.
Cambrian News
a day ago
- Cambrian News
Aberystwyth man handed unpaid work for order breach
The 24-year-old admitted a charge of failing to comply with the supervision requirements imposed following release from a period of imprisonment by failing to attend a planned probation and Dyfed drug and alcohol appointment on the 24 June, and failing to attend a planned probation appointment on 1 July.
Daily Mail
2 days ago
- Daily Mail
Hackers capture personal data of former Tory ministers, British troops and thousands of Afghans allies in latest Ministry of Defence blunder
Personal data of former Tory ministers, British troops and thousands of Afghans has been lost in another embarrassing blunder for the Ministry of Defence. Defence officials sent a warning on Friday to 3,700 affected individuals warning their personal details, including their name, date of birth and passport number, had been hacked. It comes exactly a month after it was revealed the MoD had been running secrets flights to Britain, bringing in thousands of Afghans after a data blunder put 100,000 of them 'at risk of death' from the Taliban. The latest leak concerns many of the same people and is the third involving the personal data of former frontline Afghans since 2021. Former special forces interpreter Rafi Hottak, who was seriously injured in Afghanistan, said: 'How can it be that we've now had three separate data leaks involving one of the most vulnerable groups of people. 'I am truly worried about how badly the UK MOD has mishandled the personal data of Afghan allies. 'Once again, they have failed to protect those who stood shoulder to shoulder with them.' The personal details of former Conservative government ministers are also understood to have been compromised. Former special forces interpreter Rafi Hottak, who was seriously injured in Afghanistan , said: 'How can it be that we've now had three separate data leaks involving one of the most vulnerable groups of people' Such is the sensitivity of the leak that both the National Crime Agency and the National Cyber Security Centre are involved in the investigation. It follows a cyber attack on a third-party sub-contractor used by the MoD for flights into Stansted – the airport that brings Afghans to the UK. They have been flown over in a secret operation following a major data leak, which was uncovered in 2023 and then remained secret for almost two years after an unprecedented government super-injunction. It is believed that some of the Afghans whose data was leaked in that first blunder have now been impacted a second time. A subcontractor called Inflite The Jet Centre which provides ground handling services for flights to the airport was compromised. It also handles flights for the Cabinet Office. The data covered the period from January to March last year, when hundreds of Afghans, relocated after risking their lives to help British troops, were flown to the UK. The hack, which happened recently, related only to those flying into Stansted Airport. Investigations are underway into the cyber attack and ransomware demands, said the MoD. The flights were used for bringing Afghans to the UK, as well as travel to routine military exercises and official engagements. The database at the heart of the super-injunction scandal, seen by the Daily Mail, contains details of more than 100 Britons including senior military officers and government officials The MoD alert warned: 'Please remain vigilant and be alert to unexpected communication or unusual activity.' The email has been sent to those who travelled during the period. It explained that certain information was required by the contractor to enable flights to depart and arrive. It is understood the hack primarily concerned Afghans being brought here, although 100 UK personnel were also affected. MoD sources said there was currently no evidence to suggest that any data has been released publicly or on the dark web. Investigations are underway into the cyber attack and any possible ransomware demands. Tens of thousands of Afghans who served alongside UK forces during the war have been rescued and brought to the UK. Professor Sara de Jong of the Sula Alliance, which campaigns for Afghans who worked beside UK forces during the 20 years of conflict, said: 'It's extraordinary that Afghans at risk are affected by yet another data security incident involving the Ministry of Defence. 'This will even further erode the trust of Afghans, who supported British military goals and who thought they could rely on protection in return, in UK institutions. 'Afghans who are now affected by several data leaks will also be left wondering why the Ministry of Defence's communication and advice is different each time, with the limited security advice and guidance, given very little reassurance.' In a statement, Inflite The Jet Centre Limited said it 'recently experienced a data security incident involving unauthorised access to a limited number of company emails. 'We have reported the incident to the Information Commissioner's Office (ICO) and have been actively working with the relevant UK cyber authorities to support our investigation and response. 'We believe the scope of the incident was limited to email accounts only, however, as a precautionary measure, we have contacted our key stakeholders whose data may have been affected during the period of January to March 2024.' A government spokesman said: 'The incident has not posed any threat to individuals' safety, nor compromised any government systems.' 'We were recently notified that a third party sub-contractor to a supplier experienced a cyber security incident involving unauthorised access to a small number of its emails that contained basic personal information. 'We take data security extremely seriously and are going above and beyond our legal duties in informing all potentially affected individuals.' The government super-injunction was imposed after a list of those looking to relocate to Britain from Afghanistan after the Taliban took back control was accidentally emailed out by a soldier. When the Daily Mail uncovered the leak, it, followed by other media, was gagged.
