Confidential documents relating to terrorism investigations complied by Europol have been leaked online, Dutch investigative TV programme Zembla has revealed.
Ahead of the broadcast of the documentary, the European Union’s law enforcement agency admitted that one of its former employees took the documents home and saved them on a hard drive connected to a cloud storage service, in direct contravention of the organisation’s internal policies.
The programme claims more than 700 pages of documents were left online unencrypted and without password protection, many of which contained the names and contact details of individuals involved in terror probes, potentially putting numerous investigations at risk.
Although it is highly unlikely that any of the terror suspects named in the documents would have accessed the files, the incident raises serious concerns over Europol’s internal security policies, and raises the possibility that similar leaks relating to other investigations may have taken place in the past.
Europol spokesman Jan Op Gen Oorth said: “The concerned former staff member, who is an experienced police officer from a national authority, uploaded Europol data to a private storage device while still working at Europol, in clear contravention to Europol policy.
“A security investigation regarding this case is on-going, in coordination with the respective authorities at national level to which the staff member returned. Current information suggests that the security breach was not ill-intended.”
Sophie in ‘t Veld, a Dutch Euro MP who campaigns on privacy issues, tweeted: “Huge data leak. Will call for @EU_Commission and @Europol director to come and inform @Europarl_EN.”
News of the leak comes just day after Europol chief Rob Wainwright discussed the organisation’s role in information sharing and security at a special meeting of the Civil Liberties Committee. The committee has recently agreed new data protection standards for law enforcement agencies in the EU and the United States.
German MEP Jan Philipp Albrecht commented: “In future there will be high, binding standards and strong individual rights will apply when it comes to the exchange of data between police and law enforcement authorities.”
The leak also reinforces concerns over legislation such as the UK’s Investigatory Powers Act. Signed into law this week, the act compels internet service providers to save the browsing history of every British household, and make it available to a host of government agencies. Privacy campaigners are worried that hackers could access the servers this data is stored on and make the information public, or that a government worker might make a similar mistake to the one made by the Europol employee.