UK police forces face over 13,000 data breaches since 2022
UK police forces have experienced more than 13,000 data breaches over the last three years, according to figures obtained via freedom of information requests by Data Breach Claims UK.
The new data reveals a significant increase in reported incidents year on year, with police forces across the UK reporting 2,711 breaches in 2022/23, rising to 4,643 the following year. In the most recent period, the figure reached 4,759, bringing the total to over 13,000 incidents since 2022.
Data exposure
Police officers and staff handle substantial volumes of personal information, including names, contact details and addresses, due to the nature of investigative and administrative work. Under the Data Protection Act 2018, police forces are designated as data controllers, carrying a duty to protect and handle such information lawfully and securely.
Data breaches can take various forms, from sophisticated cyberattacks to errors resulting from routine tasks. The loss, destruction, alteration, or unauthorised disclosure of personal data - whether by accident or unlawfully - potentially exposes individuals to financial and psychological impacts.
A past study by VPNoverview in 2020 had already highlighted the extent of the issue, recording more than 2,000 data breaches among UK police forces that year. That research pointed to threats from ransomware and malicious insiders, in addition to accidental incidents.
Common causes
Bethan Simons, Solicitor at JF Law, said: "Breaches don't always have to be complex cyberattacks, as breaches can often occur from human error. This can include misdirected emails, documents sent to the wrong address, the loss or theft of devices such as laptops or USB sticks containing sensitive information, or even the accidental publication of data, as seen with several UK forces."
Simons identified internal mishandling as another significant contributor to breaches, saying, "Internal mishandling is another cause of data breaches, such as officers accessing data without authorisation or failing to redact certain sensitive details."
Regarding ways to address the rising number of incidents, Simons said, "To prevent these breaches, forces must prioritise data protection measures involving comprehensive training for staff on data handling protocols, encryption of devices, and strict policies regarding the sharing and retention of data."
Force breakdown
The freedom of information data also pinpointed which police forces logged the most incidents in the period under review. The Metropolitan Police Service recorded the highest number with 2,271 breaches, followed by Police Scotland with 1,398.
Several forces, including Cleveland, Derbyshire, Devon & Cornwall, Dorset, Greater Manchester, Humberside, Kent, Leicestershire, Merseyside, Norfolk, South Yorkshire, Suffolk, Thames Valley and West Midlands, either did not respond to the information requests or declined to provide data.
Consequences and compensation
The sensitive nature of information managed by police means breaches can have serious ramifications. The Information Commissioner's Office (ICO) reprimanded West Midlands Police in 2024 over a case where the records of two victims - one of whom was also a suspect - were wrongly merged, contravening the Data Protection Act 2018. Such mistakes can compromise investigations, lead to the processing of inaccurate personal data, and risk the well-being of those affected by unwanted disclosure.
Since 2022, 291 claims have been made against police forces seeking compensation for data breaches, resulting in total pay-outs of GBP £501,370 to claimants. The largest amount paid in a single year was in 2022/23, when claimants received GBP £236,270.
Bethan Simons said: "Information leaks can have a huge impact on victims as they can lead to identity theft, fraud, harassment, and severe emotional distress."
Simons added, "If the police force's failings caused a data breach and you suffered financial or emotional harm as a direct result, then you may have grounds to pursue a claim, and it's crucial to seek legal advice promptly."
Data Breach Claims UK says it continues to offer support to those affected by police data breaches.