A diplomatic firestorm is erupting between London and Paris after the UK Home Office admitted to a catastrophic data leak that exposed the criminal record of a French national suspected of murdering a child. Sources confirm the breach occurred during an intergovernmental data-sharing protocol, and the Home Office has launched an emergency review of its safeguards.
The suspect, a 37-year-old man arrested in Lyon on Monday, is accused of the brutal killing of a nine-year-old girl in a case that has gripped France. But the UK’s internal security apparatus inadvertently published his full criminal history including prior convictions for sexual offences which were supposed to remain sealed under French privacy laws. The data was visible on a secure portal for less than four hours, but that was enough for French media to capture screenshots before the leak was closed.
“This is a catastrophic failure of trust,” a senior French justice ministry official told me. “We shared that data in confidence, and now the suspect’s identity is being dragged through the tabloids. It could jeopardise the entire prosecution.”
The Home Office acknowledged the “serious data incident” in a late-night statement, vowing a “root-and-branch review” of its information-sharing protocols with international partners. However, Whitehall sources say the damage is done. The leaked records include details of the suspect’s previous arrest for assaulting a minor and his time served in a French psychiatric institution.
The French president’s office has demanded an “urgent explanation”, with one Élysée adviser calling the leak “a violation of France’s sovereignty”. Meanwhile, the suspect’s lawyer is already preparing a motion to have the case thrown out on grounds that his client cannot receive a fair trial after the media frenzy.
I have obtained internal Home Office emails from a whistleblower that show warnings about the portal’s vulnerability were raised six months ago. “We flagged this exact risk in a memo dated November last year,” the source said. “No one acted. Now a little girl’s killer might walk free because of a IT cock-up.”
The Home Office has declined to comment on the memo, but the permanent secretary is understood to have ordered an inquiry into whether any staff were “asleep at the wheel”.
This is not the first time UK-French data sharing has turned toxic. In 2021, a similar breach exposed the addresses of dozens of protected witnesses in a terrorism trial. That scandal was buried in a parliamentary written statement with little fanfare. But with a child’s death at the centre of this leak, the stakes are infinitely higher.
The suspect remains in custody in Lyon, but his extradition to the UK where the murder allegedly took place is now in doubt. French judges are reportedly resisting British requests to transfer him while the privacy violation is litigated.
Behind the diplomatic dances, the real tragedy is the nine-year-old girl whose name I cannot publish for legal reasons. Her family is caught in a bureaucratic nightmare that has nothing to do with justice. As one detective told me off the record: “We’re more worried about protecting data than protecting kids.”
The Home Office review is expected to report within 30 days. But the clock is ticking. If the suspect walks, the blood will be on the hands of the idiots who forgot to lock the digital door. And I will be there to name every last one of them.
