Dyfed-Powys Police has experienced over 400 data breaches since 2022 new figures show, as the force pays compensation to successful claims.

Figures obtained by Data Breach Claims UK found that, in the past three years, over 400 data breach incidents have taken place within Dyfed-Powys Police.

Police officers and staff have access to vast amounts of personal data, which can include information such as a person’s name, phone number, email or address.

As police forces have to keep extensive records for investigations, they are seen as data controllers under the Data Protection Act 2018.

As a result, data breach incidents can occur where this personal data is destroyed, altered or lost either accidentally or unlawfully, which can lead to a victim experiencing financial loss or psychological harm.

According to a study conducted by VPNoverview in 2020, UK police forces suffered more than 2,000 data breaches across the year, highlighting both the threat from ransomware used by cyber criminals as well as malicious insiders who may be working for the police.

In 2022, Dyfed-Powys Police saw 104 data breaches take place before this number rose to 134 a year later.

Over the past year, the force has seen a decrease in these security incidents, with the total standing at 126.

Due to the sensitive nature of the information held, police forces try and ensure that this data is handled with the utmost respect to maintain the public’s trust and confidence.

However, data breaches within the force are a significant and growing concern as they can happen in many different ways.

Bethan Simons, solicitor at JF Law, said: “Breaches don’t always have to be complex cyberattacks, as breaches can often occur from human error. This can include misdirected emails, documents sent to the wrong address, the loss or theft of devices such as laptops or USB sticks containing sensitive information, or even the accidental publication of data, as seen with several UK forces.

“Internal mishandling is another cause of data breaches, such as officers accessing data without authorisation or failing to redact certain sensitive details.

“To prevent these breaches, forces must prioritise data protection measures involving comprehensive training for staff on data handling protocols, encryption of devices, and strict policies regarding the sharing and retention of data.

Via freedom of information requests, Data Breach Claims UK also found out the most common types of data breaches that took place within Dyfed-Powys Police.

Inappropriate sharing of data was the most common type of data breach, totalling 114 incidents, followed by emails sent to the wrong recipients, which led to 75 breaches.

In 2024, the Information Commissioner’s Office (ICO) reprimanded West Midlands Police after they had incorrectly merged the records of two victims of crimes however, one was also a suspect, and this was seen as a breach of the Data Protection Act 2018.

Mistakes like this within the police can lead to inaccurate personal information being processed, ongoing investigations being affected, and data breach victims having their sensitive data leaked.

As a consequence of the data breaches the force has suffered since 2022, 6 claims have been lodged against Dyfed-Powys Police looking for compensation.

This has led to a total of £6,500 being paid out to successful claimants, with the highest amount being paid in 2024/25 at £6,000.

Bethan continued: “Information leaks can have a huge impact on victims as they can lead to identity theft, fraud, harassment, and severe emotional distress.

“If the police force's failings caused a data breach and you suffered financial or emotional harm as a direct result, then you may have grounds to pursue a claim, and it's crucial to seek legal advice promptly.”

Data Breach Claims UK offers support to those whose personal data was compromised in a police data breach and can see if they have grounds to submit a claim.

They operate a 24-hour helpline, with an online claim form too, which you can access on their website.