Government faces questions after review of 11 major UK data breaches

MP asks why all recommendations have not yet been implemented and why the review itself was kept secret for almost two years

The government is facing calls to explain why it has yet to implement all the recommendations from a 2023 review into a spate of serious public sector data breaches, including the exposure of Afghans who worked with British military, victims of child sexual abuse and 6,000 disability claimants.

On Thursday ministers finally published the information security review, which was triggered by the 2023 leak of personal data of about 10,000 serving officers in the Police Service of Northern Ireland.

The review by Cabinet Office officials into 11 public sector data breaches, encompassing the HMRC, the Metropolitan police, the benefits system and the MoD, found three common themes:

A lack of controls over ad hoc downloads and exports of aggregations of sensitive data.

Government faces questions after review of 11 major UK data breaches

Other newsrooms on this story

Related reading

Labour accused of covering up scale of Whitehall data leaks after Afghan breach

What I told MPs about the government’s catastrophic Afghan data leak

Unprecedented gagging order over Afghan data breach should have been avoided,…

UK Ministry of Defence admits 49 breaches of Afghans’ data

Afghan data breach was ‘wake-up call’ for government’s data security

Afghans at risk of fresh data breach because MoD still hasn’t fixed security…