DATA breaches can occur within the police through cyberattacks as well as human error, and this police force has experienced a number of security incidents since 2022.
Figures obtained by Data Breach Claims UK found that, in the past three years, over 800 data breach incidents have taken place within South Wales Police.
Police officers and staff have access to vast amounts of personal data, which can include information such as a person’s name, phone number, email or address.
As police forces have to keep extensive records for investigations, they are seen as data controllers under the Data Protection Act 2018.
As a result, data breach incidents can occur where this personal data is destroyed, altered or lost either accidentally or unlawfully, which can lead to a victim experiencing financial loss or psychological harm.
According to a study conducted by VPNoverview in 2020, UK police forces suffered more than 2,000 data breaches across the year, highlighting both the threat from ransomware used by cyber criminals as well as malicious insiders who may be working for the police.
In 2022, South Wales Police saw 149 data breaches take place before this number rose to 176 a year later.
Over the past year, the force has seen an increase in these security incidents, with the total standing at 274.
Due to the sensitive nature of the information held, police forces try and ensure that this data is handled with the utmost respect to maintain the public’s trust and confidence.
However, data breaches within the force are a significant and growing concern as they can happen in many different ways.
Bethan Simons, solicitor at JF Law, said: “Breaches don’t always have to be complex cyberattacks, as breaches can often occur from human error.
“This can include misdirected emails, documents sent to the wrong address, the loss or theft of devices such as laptops or USB sticks containing sensitive information, or even the accidental publication of data, as seen with several UK forces.
“Internal mishandling is another cause of data breaches, such as officers accessing data without authorisation or failing to redact certain sensitive details.
“To prevent these breaches, forces must prioritise data protection measures involving comprehensive training for staff on data handling protocols, encryption of devices, and strict policies regarding the sharing and retention of data.
Via freedom of information requests, Data Breach Claims UK also found out the most common types of data breaches that took place within South Wales Police.
Unauthorised disclosure of information through physical documents was the most common type of data breach, totalling 327 incidents, followed by unauthorised disclosure through emails, which led to 199 breaches.
In 2024, the Information Commissioner’s Office (ICO) reprimanded West Midlands Police after they had incorrectly merged the records of two victims of crimes however, one was also a suspect, and this was seen as a breach of the Data Protection Act 2018.
Mistakes like this within the police can lead to inaccurate personal information being processed, ongoing investigations being affected, and data breach victims having their sensitive data leaked.
As a consequence of the data breaches the force has suffered since 2022, 24 claims have been lodged against South Wales Police looking for compensation.
This has led to a total of £46,550 being paid out to successful claimants, with the highest amount being paid in 2024/25 at £28,750.
Bethan Simons said: “Information leaks can have a huge impact on victims as they can lead to identity theft, fraud, harassment, and severe emotional distress.
“If the police force’s failings caused a data breach and you suffered financial or emotional harm as a direct result, then you may have grounds to pursue a claim, and it’s crucial to seek legal advice promptly.”
Data Breach Claims UK offers support to those whose personal data was compromised in a police data breach and can see if they have grounds to submit a claim.
They operate a 24-hour helpline, with an online claim form too, which you can access on their website.
