A law enforcement agency suffering a data breach is a worrying thought, especially one as big as Europol – but it can and did happen.
Last year, Europol admitted they were subject to a rather shocking data leak when one of their former employees – a former Dutch police officer – breached the agency’s policies by taking home a confidential file that contained extremely sensitive information on multiple terrorist investigations.
A story from 2016 that’s similar to the recent Heathrow USB device found containing all sorts of sensitive security information, it goes to show the worrying reality that even the forces who are there to protect us can fall foul of a data breach.
Europol – the European Police Officers law enforcement agency – have in the past been applauded for their successful efforts in working with local police authorities to take down huge cybercrime networks responsible for losses equating to hundreds of millions of Euros through online fraud. They have made multiple arrests and have seized countless servers used by criminals. These successes show a focused campaign to tackle cybercrime across Europe, but when they’re found to be breaching data protection laws themselves, we can’t help but be worried.
In the breach that happened last year, a confidential file that reportedly included over 700 pages of data analysis for 54 separate terrorism investigations was accidentally uploaded online when the employee used a backup device that was connected to the internet.
The file reportedly contained the names and contact details of hundreds of people suspected to be connected to criminal terrorist activity.
According to Europol, the breach was not ‘malicious’, and was blamed on human error. The information leaked was also apparently ‘historical’ as it was dated from ten years ago, leading to a suggestion that there is ‘no indication that an investigation has been jeopardised.’
It’s suspected that Europol knew about the data breach since September 2016, but didn’t inform the European Parliament until later on. This breach may affect the trust and confidence which some European countries install on Europol, as the law enforcement agency notably relies heavily on information provided by national and local police forces to help them investigate large-scale, cross-border crimes.
With the new GDPR legislation coming in to force next year, future breaches of this nature could be punishable by monumental fines.