Singapore Markets close in 2 hrs 52 mins

Cabinet Office ‘complacency’ blamed after honours recipients’ addresses leaked

·2-min read
Sir Elton John's details were published online in the 2019 leak from the Cabinet Office - Phillip Faraone/Getty Images for iHeartMedia
Sir Elton John's details were published online in the 2019 leak from the Cabinet Office - Phillip Faraone/Getty Images for iHeartMedia

The glitch that saw the home addresses of honours recipients leaked was identified by the Cabinet Office a week before the incident, a report has found.

Celebrities such as Sir Elton John, Gabby Logan and Ainsley Harriot Senior - as well as counter-terrorism police officers - were among more than 1,000 people to have their details exposed in the 2019 breach.

The privacy watchdog, the Information Commissioner's Office (ICO), criticised the Cabinet Office’s “complacency” in handling the sensitive information, fining it £500,000 for the leak.

Hundreds ‘exposed to the risk of identity fraud and threats to personal safety’

A report found that the civil servants initially spotted that recipients addresses had been erroneously included in the public file eight days before it was published on December 27, 2019.

Although staff in the department's Honours and Appointments Secretariat flagged the error on December 19, it was decided to try to hide the addresses rather than redo the report, as it was close to publication.

The fact the addresses were visible were flagged again on December 24. However, they were again not successfully removed from the file.

The report said that neither the press office nor digital teams then checked the files before publishing on December 24, as the email that sent the file said the formatting issues had been resolved.

However, the addresses were then made visible to the public for almost two and a half hours on the Gov.uk website, where they were viewed more than 3,800 times.

Steve Eckersley, director of investigations at the ICO, said: “The Cabinet Office’s complacency and failure to mitigate the risk of a data breach meant that hundreds of people were potentially exposed to the risk of identity fraud and threats to their personal safety.”

Following the fine, the Cabinet Office said it had implemented “a number of measures” to prevent future breaches.

A spokesman said: “The Cabinet Office would like to reiterate our apology for this incident.

“We took action to mitigate any potential harm by immediately informing the Information Commissioner and everyone affected by the breach.”

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting