The personal details of world leaders – including David Cameron, Barack Obama and Vladimir Putin – have been accidentally revealed in an embarrassing privacy breach.
It has been discovered that an employee at the Australian immigration department mistakenly sent personal information of all world leaders attending the G20 summit to organisers of the Asian Cup football tournament.
And the heads of government were kept in the dark about the employee’s blunder.
The passport numbers and visa details of United States president, Barack Obama, the Russian president, Vladimir Putin, the German chancellor, Angela Merkel, the Chinese president, Xi Jinping, the Indian prime minister, Narendra Modi, the Japanese prime minister, Shinzo Abe, the Indonesian president, Joko Widodo, and the British prime minister, David Cameron, were all exposed.
However, the international chiefs who attended the Brisbane summit in November and fell victim to the email error were not informed of the privacy breach.
The Australian privacy commissioner was contacted by the director of the visa services division of Australia’s Department of Immigration and Border Protection to inform them of the data breach on 7 November 2014 and seek urgent advice.
And in an email sent to the commissioner’s office, the breach was attributed to an employee who mistakenly emailed a member of the local organising committee of the Asian Cup - held in Australia in January - with the personal information.
An officer wrote: “The personal information which has been breached is the name, date of birth, title, position nationality, passport number, visa grant number and visa subclass held relating to 31 international leaders (i.e. prime ministers, presidents and their equivalents) attending the G20 leaders’ summit.
“The cause of the breach was human error. [Redacted] failed to check that the autofill function in Microsoft Outlook had entered the correct person’s details into the email ‘To’ field. This led to the email being sent to the wrong person.
“The matter was brought to my attention directly by [redacted] immediately after receiving an email from [the recipient] informing them that they had sent the email to the wrong person.
“The risk remains only to the extent of human error, but there was nothing systemic or institutional about the breach.”
The officer wrote that it was “unlikely that the information is in the public domain” and suggested that because the risks of the breach were considered low, it was not necessary to notify those whose information was involved.
However, the recommendation not to disclose the breach may be at odds with privacy laws in some of the world leaders’ countries.
Britain, Germany and France all have different forms of mandatory data breach notification laws that require individuals affected by data breaches to be informed.
The office of the Australian immigration minister, Peter Dutton, did not respond to questions.Reuse content