NSW Police Leak Exposes Email Addresses of 150 Complaintants in Data Breach
The NSW Police have inadvertently disclosed the email addresses of over 150 individuals who filed complaints regarding officers’ use of force during the Sydney Black Lives Matter protest on 6 June. The breach occurred when a police response to a complainant Samuel Leighton-Dore, who raised concerns after viewing footage of officers deploying pepper spray into a kettled crowd was sent with an attached list of all recipients’ emails.
Leighton-Dore, who was advised by the Law Enforcement Conduct Commission (LECC) to direct his complaint to NSW Police, received a one-page response from Craig Lowery, Professional Standards Manager, stating that no further investigation was warranted after reviewing body-worn camera footage. Dissatisfied with the decision, Leighton-Dore later received a second email containing the original letter along with a page listing the email addresses of 150 other complainants.
The incident appears to violate Section 169A of the Police Act 1990 (NSW), which prohibits the disclosure of complainants’ identities without proper authorization. A NSW Police spokesperson acknowledged the error as an "administrative mistake" but provided no further details on how it occurred or whether affected individuals would be notified.
The breach has intensified criticism of NSW Police’s internal handling of complaints, with one commentator calling it a "complete betrayal of public trust and accountability." Leighton-Dore reported that police initially claimed he was the sole complainant, contradicting the lengthy list of exposed emails.
The LECC, tasked with overseeing police misconduct investigations, faces chronic underfunding, allowing NSW Police to self-investigate most complaints a process advocates argue is inherently biased. The commission reportedly investigates only 2% of reported cases, raising concerns about systemic oversight failures.
Source: https://www.lexology.com/library/detail.aspx?g=a8e935a9-c7f4-4c84-983e-9d33caab6eae
NSW Police Force cybersecurity rating report: https://www.rankiteo.com/company/nsw-police-force
"id": "NSW1769571644",
"linkid": "nsw-police-force",
"type": "Breach",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '150 complainants',
'industry': 'Law Enforcement',
'location': 'New South Wales, Australia',
'name': 'NSW Police',
'type': 'Government Agency'}],
'attack_vector': 'Administrative Error',
'data_breach': {'number_of_records_exposed': '150',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Personally identifiable information '
"(complainants' identities)",
'type_of_data_compromised': 'Email addresses'},
'description': 'The NSW Police inadvertently disclosed the email addresses of '
'over 150 individuals who filed complaints regarding officers’ '
'use of force during the Sydney Black Lives Matter protest on '
'6 June. The breach occurred when a police response to a '
'complainant was sent with an attached list of all recipients’ '
'emails.',
'impact': {'brand_reputation_impact': 'Intensified criticism of NSW Police’s '
'internal handling of complaints',
'data_compromised': 'Email addresses of 150 complainants',
'legal_liabilities': 'Potential violation of Section 169A of the '
'Police Act 1990 (NSW)',
'operational_impact': 'Betrayal of public trust and '
'accountability'},
'post_incident_analysis': {'root_causes': 'Administrative mistake in email '
'handling'},
'references': [{'source': 'Original Incident Description'}],
'regulatory_compliance': {'regulations_violated': ['Section 169A of the '
'Police Act 1990 (NSW)']},
'response': {'communication_strategy': "Acknowledged as an 'administrative "
"mistake'"},
'title': 'NSW Police Leak Exposes Email Addresses of 150 Complainants in Data '
'Breach',
'type': 'Data Breach'}