PERSONAL data of hundreds of private citizens, including email passwords, has been placed into the hands of suspected loyalist paramilitaries by the PSNI.

The information was unintentionally given to loyalists subject to investigation by the Paramilitary Crime Task Force.

A number of computer devices were believed to have been removed for forensic examination as part of the investigation.

The devices were returned to the owners following examination.

However, a pen drive containing what is thought to be a 'configuration file', containing personal details of private citizens harvested from a number of internet service providers, was left in one of the devices.

A police spokesperson last night said that "no report of this nature has been made through the PSNI's incident reporting and security standards which are in force for all staff and officers to follow".

However, The Irish News has seen files that contain emails and email passwords belonging to private citizens and Northern Ireland-based businesses.

They also appear to show the monitoring of private citizens' computer transactions and traffic between multiple service providers.

Thousands of pages of private data was handed over to the loyalists.

Read more: Analysis by Allison Morris - Data breach not the first of its kind (premium)

A loyalist source told The Irish News: "The IRA had to go to the trouble of breaking into Castlereagh, we've been handed this information without having to leave the house.

"It raises the question what are the PSNI doing with this kind of information in the first place."

At least one west Belfast business is listed among the hundreds of folders, with the password to the legitimate business's email address.

It is not known if those listed are under investigation or if the PSNI has been gathering data for other reasons.

While The Irish News has seen some of the data, it is not in possession of it and does not intend to make public any of the private information seen.

In April, three appeal court judges ruled that British government ministers had six months to redraft the 2016 Investigatory Powers Act - labelled 'the snooper’s charter' - following a challenge by human rights group Liberty.

Ministers had wanted to wait until Britain leaves the EU next year to introduce new rules, but Liberty argued that the act violates the public’s right to privacy by allowing the storage of and access to internet data.

The act was ruled to be inconsistent with EU law because it allowed access to retained data which was not limited to the purpose of combating "serious crime" and not subject to oversight by a judge or other independent body.

The data seen by The Irish News seems to suggest that despite the legislation not yet being implemented, storage of internet data is taking place in Northern Ireland.

Leading human rights solicitor Niall Murphy said last night: "The scale of this apparently unlawful information harvesting is staggering and requires an independent and robust investigation.

"Secondly, that this massive information haul, of private citizens' personal data, has been handed to persons believed by them to be loyalist paramilitaries, is a security lapse not seen in this jurisdiction since the Castlereagh break-in.

"They must take steps to notify every individual whose personal data they have harvested and then handed over.

"Each of those persons should take steps to review their personal security and should also consult their solicitor to pursue litigation in respect of this personal endangerment and breach of their private data rights, recently enhanced with the introduction of General Data Protection Regulation (GDPR)."

Read more: Analysis by Allison Morris - Data breach not the first of its kind (premium)