Freedom of information request reveals 263 breaches since 2022, mostly due to internal errors
Avon and Somerset Police has confirmed it recorded more than 250 data breaches in the past three years, with over 120 incidents occurring in 2023/24 alone.
The figures, disclosed through a Freedom of Information request by Data Breach Claims UK, show the force logged 263 breaches between 2022 and 2025. In 2022/23, there were 94 breaches; in 2023/24, 121 breaches; and in 2024/25, a further 48 incidents.
A data breach occurs when personal information — such as addresses, phone numbers or other identifying details — is destroyed, altered, lost, or accessed without authorisation. Avon and Somerset Police said the “vast majority” of these cases involved mistaken sharing of information internally between officers and staff, rather than data leaving the force.
The most common type of breach was compromised information, accounting for 172 incidents — nearly two-thirds of the total. Only three cases, or 1.1%, were classified as unlawful activity.
Embed from Getty ImagesA force spokesperson said they recognised their responsibility to safeguard sensitive data and highlighted a significant reduction in breaches over the past year. “The vast majority of these incidents relate to mistaken sharing of data among officers and staff, often as the result of procedural errors, and do not involve information being shared outside Avon and Somerset Police,” they said.
The spokesperson added that the drop in breaches reflected “significant efforts” to prevent errors, including mandatory training for all staff on data handling, privacy, and breach reporting. Sensitive records are encrypted, securely stored, and accessible only to authorised personnel.
“We complete regular audits to identify and respond to any risks,” they said, noting that a dedicated team oversees the process. “Any data breach will be assessed against guidance from the Information Commissioner’s Office (ICO) and our own internal procedures to ensure an appropriate response is made. Our processes were recently assessed by the ICO, which found they are clear and well-structured and commended our proactive approach to reporting breaches.”
According to Bethan Simons of JF Law, information leaks can have severe consequences for those affected. “They can lead to identity theft, fraud, harassment, and severe emotional distress,” she said. “If the police force’s failings caused a data breach and you suffered financial or emotional harm as a direct result, then you may have grounds to pursue a claim.”
Data Breach Claims UK also stressed that not all breaches result from sophisticated cyberattacks. Many, they said, stem from human error, such as misdirected emails, documents sent to the wrong address, loss or theft of devices like laptops or USB sticks containing sensitive information, or accidental publication of data.
Internal mishandling was also cited as a recurring cause, with examples including officers accessing records without authorisation or failing to redact sensitive details before sharing. Simons said prevention requires “comprehensive training for staff on data handling protocols, encryption of devices, and strict policies regarding the sharing and retention of data.”
While Avon and Somerset Police say most of the breaches were contained within the force, the revelations come amid wider scrutiny of data handling practices in UK policing. In recent years, several forces have faced criticism — and, in some cases, penalties — after sensitive information was exposed due to procedural lapses or security failings.
For Avon and Somerset Police, the challenge will be to maintain the recent downward trend in breaches while restoring public confidence that personal information is being handled with the highest possible care.