Sky News has learned that up to 450 people who filed reports through an online tool over a two-year period could have been put at risk by hackers due to security flaws.
Although the tool was decommissioned after an internal security review discovered that confidential information was being exposed, the force did not inform the individuals who were affected.
Read more on Sky News. It seems that they didn’t have enough data going back far enough to determine whether the data had actually been accessed. So what happened to the “in an abundance of caution” mentality? When in doubt, they should have notified, shouldn’t they have?