Wiltshire Police in England has come under fire after accidentally releasing a cache of sensitive passwords and access codes, exposing secure police systems and even addresses of safe houses used to protect victims of rape and sexual assault.
The breach, uncovered by The Telegraph, also included login credentials for evidence databases and police computers, along with personal information belonging to officers and prison staff.
The department confirmed it has launched an internal investigation to determine how the leak occurred and is now taking steps to repair the damage.
The leaked file contained 13 building and system codes, 13 passwords, and a list of 32 contacts, including phone numbers and email addresses for key personnel.
Details of prison officers working at Erlestoke, Winchester, and the Isle of Wight prisons were also exposed.
The disclosure follows a troubling series of security lapses across UK policing. Earlier this year, the Police Federation paid £15 ($19.73) million in compensation to 19,000 officers whose data was stolen by cybercriminals.
In 2023, a data error in Northern Ireland saw personal details of nearly 10,000 Police Service of Northern Ireland staff published online, later accessed by dissident republicans. The year before, the Federation admitted it had breached GDPR rules by failing to ensure adequate data protection.
Now, the question of data security is being thrust into an even wider debate. Prime Minister Keir Starmer is championing a nationwide digital ID scheme, claiming it will modernize access to public services and curb illegal employment.
Yet, as incidents like the Wiltshire breach continue to surface, the push for a centralized digital identity raises profound concerns about whether the state can be trusted to safeguard such sensitive data.
Consolidating identity data under one digital system could create a huge target for hackers.
When even local police forces struggle to protect internal codes and files, the risks of scaling up to a national identity infrastructure become starkly apparent.
That mistrust deepens when viewed against the Ministry of Defence’s handling of the Afghanistan data breach, one of the most severe and least transparent government failures in recent years.
In 2022, an MoD spreadsheet containing personal data of roughly 18,700 Afghans who had worked alongside British forces and were seeking relocation to the UK was mistakenly sent outside authorized channels. Many of those individuals were already in danger under Taliban rule.
Reports later revealed that the incident was subject to a super injunction, effectively silencing public discussion for more than 600 days.
The concealed breach ultimately forced the government to undertake a massive relocation operation, moving thousands of Afghans to safety at enormous cost. Even years later, the Ministry has admitted to dozens of similar data mishandling incidents.
When the state can accidentally expose people who risked their lives working with it and then hide that failure from scrutiny, assurances about the security of a new national digital ID system ring hollow.
The gap between political promises and institutional performance has never looked wider.
