The home and work addresses of hundreds of celebrities, politicians and emergency service workers have been posted online in a huge Cabinet Office blunder.

The government has since apologised “to all those affected” after it accidentally published addresses of more than 1,000 New Year Honour recipients online.1

The file – which included details of senior police officers and politicians – was uploaded to an official website on Friday evening and removed Saturday.

The security breach was slammed as a ‘serious and extraordinary breach’ by a former Civil Service boss.

Lord Kerslake, who was head of the Civil Service from 2012 to 2014, has demanded an urgent investigation into the accidental publication of the confidential information by the Cabinet Office.

He told the BBC: ‘It’s a serious and indeed extraordinary breach because this is a well-established process that has gone on in pretty much the same way for years. I think an urgent investigation is certainly needed.’

There are now fears that home addresses of celebrities, MI5 officers, police and military officials who received new year honours are already for sale on the dark web.

Addresses of prominent figures such as cricketer Ben Stokes, former director of public prosecutions Alison Saunders, former Conservative Party leader Iain Duncan Smith, TV cook Nadiya Hussain, former Ofcom boss Sharon White and musician Elton John were also published in the public domain.

Apology

A Cabinet Office spokesperson apologised, saying: “A version of the New Year honours 2020 list was published in error which contained recipients’ addresses.

“The information was removed as soon as possible. We apologise to all those affected and are looking into how this happened. We have reported the matter to the ICO and are contacting all those affected directly.”

The Cabinet Office told the BBC it was “looking into how this happened“.

The data breach was described as “farcical and inexcusable” by privacy campaign group Big Brother Watch.

The organisation’s director, Silkie Carlo, said: “It’s extremely worrying to see that the government doesn’t have a basic grip on data protection, and that people receiving some of the highest honours have been put at risk because of this.

“It’s a farcical and inexcusable mistake, especially given the new Data Protection Act passed by the government last year. It clearly can’t stick by its rules.”

The ICO, which has the power to fine organisations for data breaches, said it will be “making enquiries“.

This is not only due to the information of celebrities having been shared, but also due to senior police and Ministry of Defence staff’s personal details among data posted too.

The Cabinet Office, which is responsible for the UK’s National Cyber Security Strategy, could face a fine of up to £17million if it is found to have broken data rules.

Dark web

Some have even suggested that a version of the list could have remained on the internet for a further five hours – giving criminals plenty of time to download it. 

Police officers and intelligence officials are understood to be scouring the dark web to see if the address document is being secretly traded by criminals.

Richard Walton, who headed anti-terror operations at Scotland Yard until 2016, told the Sunday Times that extra security must be considered for those in sensitive posts, adding: ‘The release of private addresses of these individuals into the public domain will be a threat.

1https://www.bbc.co.uk/news/uk-50929543