Police Scotland Fined £66K for Serious Data Breach Exposing Crime Reporter’s Phone Data
On March 11, 2026, the UK’s Information Commissioner’s Office (ICO) fined Police Scotland £66,000 ($88,400) for a "serious" data breach in which an individual’s mobile phone data was improperly disclosed to a third party. The incident occurred after the victim reported a crime, raising concerns over the mishandling of sensitive personal information by law enforcement.
The ICO determined that Police Scotland failed to adequately protect the complainant’s data, violating data protection laws. The fine underscores the regulator’s ongoing scrutiny of public sector organizations handling personal information, particularly in cases involving vulnerable individuals.
Details of the breach, including the nature of the disclosed data and the identity of the third party, remain undisclosed. The case highlights the risks of unauthorized data sharing within policing and the legal consequences for non-compliance with data protection standards.
Source: https://www.law360.com/articles/2451523/police-scotland-fined-66k-over-serious-data-breach
Police Scotland cybersecurity rating report: https://www.rankiteo.com/company/police-scotland
"id": "POL1773240900",
"linkid": "police-scotland",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1 (individual)',
'industry': 'Public Sector',
'location': 'United Kingdom',
'name': 'Police Scotland',
'type': 'Law Enforcement Agency'}],
'data_breach': {'number_of_records_exposed': '1 (individual)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Mobile phone data'},
'date_publicly_disclosed': '2026-03-11',
'description': 'The UK’s Information Commissioner’s Office (ICO) fined Police '
"Scotland £66,000 ($88,400) for a 'serious' data breach in "
'which an individual’s mobile phone data was improperly '
'disclosed to a third party after the victim reported a crime. '
'The incident raised concerns over the mishandling of '
'sensitive personal information by law enforcement.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Mobile phone data',
'financial_loss': '£66,000',
'identity_theft_risk': 'High',
'legal_liabilities': 'Fine imposed by ICO'},
'investigation_status': 'Completed (Fine imposed)',
'lessons_learned': 'The case highlights the risks of unauthorized data '
'sharing within policing and the legal consequences for '
'non-compliance with data protection standards.',
'post_incident_analysis': {'root_causes': 'Failure to adequately protect '
'sensitive personal information'},
'references': [{'source': 'Information Commissioner’s Office (ICO)'}],
'regulatory_compliance': {'fines_imposed': '£66,000',
'regulations_violated': 'UK Data Protection Laws',
'regulatory_notifications': 'ICO investigation'},
'title': 'Police Scotland Fined £66K for Serious Data Breach Exposing Crime '
'Reporter’s Phone Data',
'type': 'Data Breach',
'vulnerability_exploited': 'Improper data handling'}