A huge data breach which gave dissident republicans access to the details of almost 10,000 police officers and civilian staff was the result of corporate failings on behalf of the PSNI, a critical report into the incident has found.
It said the security lapse in August had been the result of a failure to identify risks around data and counter them.
PSNI Chief Constable Jon Boutcher accepted the report was a "damning indictment" of how the PSNI had managed its data.
He said: "It's certainly a wake up call for every police force in the country in my view. There is no ducking of these issues."
Mr Boutcher said the police held the "most sensitive information" about a whole range of people including victims and vulnerable people.
He said: "We have to make sure we protect and safeguard that information in the same way that we seek to protect and safeguard people.
"Because of what has happened we are probably now at the forefront of managing sensitive information.
"Ironically because of what has happened, I think victims, members of the public whose data we hold, can probably be more reassured than ever before that we will protect their data."
All 10,000 officers and staff affected by the data leak are being offered £500 each to upgrade their personal security.
That will cost £5m with the money being made available by the British government.
However, the financial cost to the PSNI will be much higher than that.
More than 4,000 officers and staff have already joined a group action for damages arising from the incident.
The cost of the breach, including potential future litigation has been assessed as potentially running into several hundred millions of pounds.
The inadvertent release of details of serving officers and civilian staff helped force the then chief constable Simon Byrne out of office.
The surname and first initial of 9,483 employees, their rank or grade, gender, where they are based and their unit was published on a freedom of information site.
The huge data set had been attached to a response to a legitimate FOI request, which had gone through the hands of seven different people.
It was only up for two-and-a-half hours, but in that time it was accessed by the public and is now in the hands of dissident republicans.
One officer resigned as a result of the security lapse and 50 have gone on sick leave. It is believed that more than 4,000 staff have joined a civil action against their employers.
An independent review of the incident was jointly commissioned by the PSNI and the Northern Ireland Policing Board.
It was asked to investigate the cause of the breach, to advise on how to prevent a repeat and to try and restore confidence in how the PSNI handles data.
It said the incident had not been the result of a "single, isolated decision, act or incident by any one person, team or department".
"It was a consequence of many factors, and fundamentally a result of PSNI as an organisation not seizing opportunities to better and more proactively secure and protect its data, to identify and prevent risk earlier on, or to do so in an agile and modern way," the report stated.
"At the time of the incident, these factors had not been identified by audit, risk management or scrutiny mechanisms internal or external to PSNI," the report added.
It makes 37 recommendations around data handling and governance.
The review was led by Assistant Commissioner Pete O'Doherty, of the UK's National Police Chiefs' Council.
He said the breach had created fear amongst officers and legitimate questions in the minds of the public about how robustly the PSNI protected their confidential information.
"Whether you are employed by the organisation, you are a suspect under investigation or you might be a victim. So it's had an impact in many different ways and I think unless you work within Northern Ireland, it really hard to understand how that would have felt," Mr O'Doherty said.
In September, a senior PSNI officer told Westminster MPs the data breach could end up costing up to £220m in additional security, compensation and future litigation.
'Will cost millions to fix'
The Police Federation for Northern Ireland, which represents rank and file officers has said it will cost millions to fix deficiencies which led to the massive data breach.
Federation chairman Liam Kelly described the breach as "monumental", adding it caused "massive upheaval with some officers and staff feeling their personal safety and security had been compromised".
"The cost implications of fixing deficiencies, building resilience and necessary firewalls will cost millions of pounds," he said.
"The figure was estimated to be in the region of £40 million, according to Temporary Deputy Chief Constable Todd when he appeared before the Northern Ireland Affairs Committee in September 2023. Incorporating potential damages and fines inflated this figure by around another £200 million.
"As the PSNI already has a significant deficit budget, it will simply be impossible for any of these costs to be absorbed by the service, either now or in the future.
"Therefore, it is imperative the United Kingdom Government expeditiously allocates the required significant additional funding to enable the implementation of the recommendations.
"Ministers cannot walk away from their responsibilities or give the tiresome and lame excuse that as policing is a devolved matter, solutions and funding will have to come from a reconstituted Northern Ireland Executive."
