The Gloucestershire Constabulary faced a data breach involving an unauthorized search of police systems by a staff member in September 2022. The breach involved third-party personal data accessed without authorization in relation to a road traffic collision. The Chief Constable, Rod Hansen, was suspended in October 2024 for allegedly failing to respond appropriately to the incident, including not adhering to force policies and data protection laws. The Independent Office for Police Conduct (IOPC) found potential breaches of police standards, including reporting improper conduct, honesty, integrity, and discreditable behavior. The Chief of Staff, Gary Thompson, was also suspended and will face a misconduct hearing. The breach exposed internal governance failures, risking public trust in law enforcement and potential legal repercussions under data protection regulations. The disciplinary hearings will determine if gross misconduct occurred, further damaging the force’s reputation and operational integrity.
Source: https://www.bbc.com/news/articles/cp8wpwg526zo
TPRM report: https://www.rankiteo.com/company/gloucestershire-constabulary
"id": "glo3502635100225",
"linkid": "gloucestershire-constabulary",
"type": "Breach",
"date": "9/2022",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Third Parties Involved in Road '
'Traffic Collision (2022)',
'industry': 'Public Sector / Policing',
'location': 'Gloucestershire, UK',
'name': 'Gloucestershire Constabulary',
'type': 'Law Enforcement Agency'}],
'attack_vector': 'Insider Threat (Unauthorised Access by Staff)',
'data_breach': {'data_exfiltration': 'Unclear (Accessed but Exfiltration Not '
'Confirmed)',
'personally_identifiable_information': 'Likely (Traffic '
'Collision-Related '
'PII)',
'sensitivity_of_data': 'Moderate (Context-Dependent Personal '
'Data)',
'type_of_data_compromised': ['Personal Data (Third-Party)',
'Road Traffic Collision '
'Records']},
'date_detected': '2022-09',
'date_publicly_disclosed': '2024-10',
'description': "Gloucestershire Constabulary's suspended Chief Constable Rod "
'Hansen and Chief of Staff Gary Thompson face misconduct '
'hearings over allegations of failing to respond appropriately '
'to a data breach. A staff member was suspected of conducting '
'an unauthorised search of police systems, accessing '
'third-party personal data related to a road traffic collision '
'in September 2022. The Independent Office for Police Conduct '
'(IOPC) concluded that Hansen and Thompson should face '
'disciplinary proceedings for potential breaches of police '
'standards, including reporting improper conduct, '
'discreditable conduct, duties/responsibilities, '
'honesty/integrity, and compliance with orders/instructions. '
'The IOPC alleged Hansen did not handle the matter in '
'accordance with force policy or data protection laws.',
'impact': {'brand_reputation_impact': 'High (Public Trust Erosion, Media '
'Scrutiny)',
'data_compromised': ['Third-Party Personal Data (Road Traffic '
'Collision Records)'],
'identity_theft_risk': 'Low (Context-Specific to Traffic Collision '
'Data)',
'legal_liabilities': ['Potential Violations of Data Protection '
'Laws',
'Police Standards Breaches'],
'operational_impact': ['Leadership Suspensions',
'Disciplinary Proceedings',
'Reputation Damage'],
'systems_affected': ['Police Internal Systems']},
'initial_access_broker': {'entry_point': 'Internal Police Systems (Authorised '
'Access Abused)',
'high_value_targets': ['Road Traffic Collision '
'Data']},
'investigation_status': 'Ongoing (Disciplinary Hearings Pending)',
'motivation': ['Unauthorised Curiosity', 'Potential Abuse of Power'],
'post_incident_analysis': {'root_causes': ['Inadequate Response to Insider '
'Threat',
'Failure to Enforce Access '
'Policies',
'Leadership Accountability Gaps']},
'references': [{'date_accessed': '2024-10', 'source': 'BBC News'},
{'date_accessed': '2024-10',
'source': 'Independent Office for Police Conduct (IOPC)'}],
'regulatory_compliance': {'legal_actions': ['Misconduct Hearings for Rod '
'Hansen and Gary Thompson'],
'regulations_violated': ['UK Data Protection Laws '
'(Potential)',
'Police Standards of '
'Professional Behavior'],
'regulatory_notifications': ['IOPC Investigation '
'and Directives']},
'response': {'communication_strategy': ['Public Disclosure via BBC',
'Statements by Police and Crime '
'Commissioner (Chris Nelson)'],
'containment_measures': ['Suspension of Chief Constable (Rod '
'Hansen)',
'Suspension of Chief of Staff (Gary '
'Thompson)',
'Interim Leadership Appointment (Maggie '
'Blyth)'],
'incident_response_plan_activated': 'Yes (IOPC Investigation)',
'law_enforcement_notified': 'N/A (Internal Law Enforcement '
'Agency)',
'recovery_measures': ['Disciplinary Hearings Scheduled'],
'third_party_assistance': ['Independent Office for Police '
'Conduct (IOPC)']},
'stakeholder_advisories': ['Police and Crime Commissioner (Chris Nelson) '
'Statements'],
'threat_actor': 'Internal (Police Staff Member)',
'title': 'Unauthorised Data Access and Misconduct Allegations at '
'Gloucestershire Constabulary',
'type': ['Data Breach', 'Insider Threat', 'Misconduct'],
'vulnerability_exploited': 'Lack of Oversight/Enforcement of Access Controls'}