The UK police have lost more than 150,000 fingerprint, DNA and arrest history records after accidentally erasing them from national police systems.
The Interior Ministry said in a statement that it was working with police to “assess the impact” of the failure that occurred within the systems, and that no records of criminals or dangerous people had been removed.
He said the erased records were those of people arrested and released when no further action was taken.
Surveillance Minister Kit Malthouse said that “a standard cleaning process that runs on the National Police Computer [PNC] deleted several records by mistake ”, and that“ a quick review identified the problem and corrected the process, so it cannot happen again ”.
Malthouse added: “The Home Office, the Council of National Police Chiefs and other law enforcement partners are working at a pace to recover the data. While the loss refers to people who were arrested and then released without further action, I have asked officials and the police to confirm their initial assessment that there is no threat to public safety. “
However, it is currently unclear which specific police systems experienced the problem and how widespread it was. Although the PNC has a variety of personal data on individuals, from information on arrests and convictions to vehicles and property, it does not contain fingerprints or other biometric information, which is found in the IDENT1 system.
Similarly, DNA-related information is kept in the national DNA database, not in the PNC, which means that the technical issue has affected several UK police databases.
The issue is also said to have affected the UK visa system, which had to suspend application processing for two days.
Shadow Home Secretary Nick Thomas-Symonds asked Home Secretary Priti Patel to take responsibility for the computer bug and clarify its impact.
“This is an extraordinarily serious security breach that presents enormous dangers to public safety,” he said. “The incompetence of this chaotic government cannot be allowed to put people at risk, set criminals free and deny victims justice.”
The Home Office did not comment when asked by Computer Weekly what the justification was for keeping records of thousands of people when no further police action was taken.
The PNC currently has information on around 12.6 million people and retains it until their 100th birthday or up to 100 years from the date it was first reported to the police, depending on the intelligence category to which it the information belongs.
Kevin Blowe, coordinator of the Police Monitoring Network (Netpol), said that the loss of data, which has been criticized by sectors of the press and politicians for “allowing criminals to go free”, has “certainly caused an outbreak of reactionary pearl ”. – grabbing hold of even some opposition politicians ”.
He added: “However, if the Home Office is correct and the records of criminals or dangerous people have not been removed, but only the records of those arrested and then released without further action, then there are much more important questions to ask. be answered.
“Why do the police keep large amounts of personal data that they don’t need, apparently with the remote possibility that it could be useful as intelligence in the future? How is this not on par with the police keeping millions of face images of innocent people in a searchable database, long after the courts ruled this was illegal? “
Similarly, the Home Office did not comment when asked if the lost data was recoverable and if it had any idea when the data would be recovered.
Ezat Dayeh, systems engineering manager at data management firm Cohesity, said: “The bottom line here is that critical data needs to be protected. It is hard to believe that there is no protection, support or policies that prevent the loss of this type of data. If they just discovered the deletion, they should be able to get this data back in a few hours. Otherwise, and if your backup doesn’t go back far enough, you need to ask questions.
“Human error, ransomware, or even something as innocent as accidental deletion or a power outage can make files inaccessible. However, organizations should regularly back up their files and verify that all such data is safe and usable. It is not just a best practice in data management or an IT problem, it is an organizational necessity and a compliance measure that is often required by law. “
The PNC last experienced a major problem on October 21, 2020, and fell for more than 10 hours after a power outage.