Latest news with #BethanSimons

Pembrokeshire Herald

Dyfed-Powys Police hit by more than 400 data breaches in three years

Force pays out thousands in compensation following incidents DYFED-POWYS POLICE has confirmed it has experienced more than 400 data breach incidents since 2022 — with thousands of pounds paid in compensation to affected individuals. Figures released following a Freedom of Information request by Data Breach Claims UK show that in 2022 the force recorded 104 data breaches, rising to 134 in 2023, before dropping slightly to 126 over the past year. The incidents range from inappropriate sharing of information to misdirected emails, with 'inappropriate sharing of data' the most common cause — accounting for 114 cases. A further 75 incidents involved emails being sent to the wrong recipients. Force statement In response to the figures, Dyfed-Powys Police told The Herald: 'Dyfed-Powys Police takes its responsibilities in respect to data breaches very seriously. The force has processes in place for data breaches to be reported, all of which are investigated by the Data Protection Team. 'Dyfed-Powys Police follows the National Police Chiefs' Council (NPCC) guidance and reports data breaches to the Information Commissioner's Office, where they meet referral criteria. Additionally, those subject to a data breach are informed, when required, in line with NPCC guidance. 'The Data Protection Breach Policy sets out everyone's responsibilities in respect to data breaches, and the Force Information Security Policy is also available online.' The FOI response was issued with a caveat that the figures may include duplicates, reports later found not to be breaches, or incidents caused by other organisations. Compensation claims Since 2022, six claims have been lodged against the force relating to data breaches, leading to a total of £6,500 in compensation being paid. The largest payout — £6,000 — was made in the 2024/25 financial year. Bethan Simons, a solicitor at JF Law, said: 'Breaches don't always have to be complex cyberattacks. Many are caused by human error — misdirected emails, loss or theft of devices containing sensitive information, or accidental publication of data. 'Internal mishandling can also occur, such as officers accessing data without authorisation or failing to redact sensitive details. To prevent these breaches, forces must prioritise data protection measures, comprehensive staff training, encryption of devices, and strict data-sharing policies.' National concern A 2020 study by VPNoverview found UK police forces had suffered more than 2,000 data breaches in a single year, raising concerns about both cyberattacks and insider threats. Data breaches within police forces can lead to victims suffering financial loss, identity theft, fraud, harassment, and severe emotional distress, as well as affecting ongoing investigations.