UK police struggle to contain data breaches

Although many UK police forces are in the process of introducing facial recognition into their work, data breaches remain an issue that is capturing the attention of legal organizations.

Last week, the North Wales Police was found to have reported 19 data breaches over the past six years. The compromised information included names, addresses, date of birth, contact details, medical and financial information, as well as breaches related to GDPR compliance.

The largest number of breaches, eight in total, was reported in 2024, while an additional seven have already occurred in 2025. At least 32 people were affected, including members of the public and the police.

The data was obtained through a Freedom of Information Request and published by LLS, The North Wales Chronicle reports.

“In today’s digital landscape, organizations handle vast amounts of sensitive information,” says Gary Noble from LSS. “From personal details like names and addresses to health records and biometric data, the consequences of a data leak can be devastating.”

Wales police is not the only one in the UK struggling to secure data. Over the past three years, the UK police forces have experienced over 13,000 data breach incidents, according to claims management service Data Breach Claims UK.

The highest number of approximately 2,200 incidents was recorded by London’s Metropolitan Police, followed by Police Scotland with nearly 1,400  breaches.

Misdirected emails, documents sent to the wrong address, the loss or theft of devices such as laptops or USB sticks and the accidental publication of data are among the most common reasons behind data breaches, followed by internal mishandling of data by police officers.

“Breaches don’t always have to be complex cyberattacks, as breaches can often occur from human error,” says Bethan Simons, a solicitor at JF Law working with Data Breach Claims UK.

To prevent the issue, police forces should introduce comprehensive training for staff on data handling protocols, encryption of devices and strict policies regarding the sharing and retention of data, Simons told Security Journal UK.

Rights groups and lawmakers frequently cite the regularity of data breaches as an argument against introducing facial recognition. A similar scenario was recently seen in Scotland, where the police recently announced their decision to use live facial recognition for law enforcement.

According to data published by Data Breach Claims UK in August, Police Scotland has recorded almost 1,400 breaches over the past three years. The figures also showed that the number of breaches is rising: While 461 incidents were recorded during 2022-2023 and 2023-2024, the financial year 2024-2025 saw 476 incidents.

Article Topics

cybersecurity  |  data privacy  |  data protection  |  North Wales Police  |  police  |  Police Scotland  |  UK