Australia’s immigration department mistakenly disclosed personal information of world leaders who attended last November’s G20 Summit in Brisbane, according to a new report from The Guardian.
The leak forwarded the personal details of 31 attendees, including President Barack Obama, Russian president Vladimir Putin, German Chancellor Angela Merkel, Chinese president Xi Jinping, Indian prime minister Narendra Modi, Japanese prime minister Shinzo Abe, Indonesian president Joko Widodo, and British prime minister David Cameron.
In a November 7th, 2014 email from Australia’s Department of Immigration and Border Protection obtained by The Guardian in a freedom of information request, personal details of the attendees, including “the name, date of birth, title, position nationality, passport number, visa grant number and visa subclass held”, were accidentally sent to an organization committee member of the 2015 Asian Cup international soccer tournament.
The leak was caused by an “isolated example of human error,” according to the email. An immigration department employee “failed to check that the autofill function in Microsoft Outlook had entered the correct person’s details into the email ‘To’ field.” The recipient of the information, a member of the Asian Cup local organization committee, quickly notified the immigration department that the email had been sent to the wrong person.
The email reveals that the Asian Cup’s local organization committee deleted the sensitive email and did not “believe the email to be accessible, recoverable or stored anywhere else in their systems.”
The Immigration and Border Protection officer went on to recommended that the G20 summit attendees not be informed of the leak. “Given that the risks of the breach are considered very low and the actions that have been taken to limit the further distribution of the email, I do not consider it necessary to notify the clients of the breach,” the officer wrote.
“As mentioned above, this was an isolated example of human error, but I will nonetheless take the opportunity to remind staff of their obligations in relation to private client data and how to treat this. I will also reinforce the need to double check email recipients before sending emails.”
News of the leak follows last week’s passage of mandatory data retention laws by the Australian Senate, which now requires telecommunications and internet service providers to store their customers’ metadata for a minimum of two years.