An “error” in a “standard housekeeping process” on the UK’s controversial Police National Computer (PNC) database has led to the deletion of more than 150,000 DNA, fingerprint and other records, the Home Office has confirmed.
Visa applications were also held up for two days, according to the Times.
The PNC – the national law enforcement DB that holds personal info on people arrested by the police as well as data on people who have been questioned by police but never charged or convicted of any offence – is hosted on a Fujitsu mainframe, running Software AG’s Natural programming language using ADABAS database.
Last year Home Office Minister Kit Malthouse assured Parliament it had round-the-clock support from the vendor.
Non-police orgs merrily accessed PNC without authority, says HMIC
Reportedly, a weekly so-called “weeding” session to purge old data erroneously removed the valid data, which included arrest, fingerprint records and intelligence files about suspects. The deletion reportedly took place this week. We have asked Fujitsu for comment.
Malthouse told The Reg in a statement:
The PNC system is a Fujitsu BS2000/OSD SE700-30 mainframe based in a Hendon data centre. It is used by the UK’s territorial and regional police forces, the Serious Fraud Office, the Security and Secret Intelligence Services (MI5, MI6), HM Revenue & Customs and the National Crime Agency. They have controlled and 24-hour access from remote terminals and through local police force systems.
Fujitsu BS2000 mainframe has a central SE server unit running the BS2000 OSD/XC operating system and applications. There are additional server and application units that can be attached, as well as an SE net unit for network connectivity. The application units can be X86 servers running Unix and Windows, with applications executing inside these environments.
Storage can (potentially) be provided by a Fujitsu ETERNUS SAN with ETERNUS LT tape libraries available for backup and archive.
Fujitsu’s HSMS line is a hierarchical file, database and library backup system for the BS2000 mainframe.
The lost data include fingerprints and DNA collected from suspects that would be matched against evidence from the crime scene.
The system is operated under the UK’s Home Office, and weekly user jobs locate and weed out data that is no longer required or must be deleted after a certain time.
We understand this is Home Office-provided software, not Fujitsu software. Fujitsu would not have weeding functionality in the base BS20000 OS, which would likely be a function of the PNC’s application and system software.
Separate DNA and fingerprint database systems are connected to the PNC, which is how their record data can be “weeded” as well.
It is reported that Home Office staff are trying to get some of the deleted information back. This implies, strongly, that they cannot simply restore the deleted information from backup files.
Police were warned about problems getting data onto the PNC in 2005, following the Soham murders.
That same year, the Police National Computer’s “Hot Stand-By” back-up system, designated “national critical infrastructure” by the government, was destroyed in a Buncefield oil depot fire that also damaged the premises of Northgate, Dixons, etailer Asos.com and Richer Sounds.
In 2018, The Home Office said it was planning to replace the creaky PNC and the Police National Database (PND) with a Law Enforcement Data Service (LEDS) as part of its National Law Enforcement Data Programme – which has also come under fire by civil rights bodies..
A 2016 investigation by HM Inspectorate of Constabulary (HMIC) revealed that the FCA had obtained ongoing, illicit access to the PNC. ®