Sign up to our newsletter
The latest security news direct to your inbox
In an embarrassing breach of security, the passport numbers of members of the England Football squad have been accidentally tweeted out by the team’s official sponsor.
The information was included on an official FIFA team sheet, shared with members of the press one hour before the English team played a friendly match against Ecuador at the Sun Life Stadium in Miami.
Unfortunately England’s corporate sponsor Vauxhall clearly didn’t realise that the passport numbers might be sensitive, and excitedly tweeted out a smartphone photo of the line-up to ardent soccer fans.
The photograph showed the names, dates of birth, and passport numbers of England’s starting line-up of eleven players and the seven substitutes. Oops. Something of an own goal, there.
The player’s dates of birth are easy for anybody to find with a little help from Wikipedia, but it doesn’t feel right reproducing them here – so I have redacted them in the image above as well as the passport numbers which clearly shouldn’t be in the public domain.
Vauxhall quickly realised its blunder, and deleted its tweet.
But, of course, the internet doesn’t work like that. Once you publish anything on the internet there is no guarantee that you will be able to remove every trace of it – especially if you directly tweeted it to thousands of avid football fans.
We all have to learn to be more careful about what we share on the internet – and think before we tweet.
At least former England football captain Gary Lineker had something amusing to say on the subject.
England have never lost a World Cup in which the players' passport numbers were on a pre tournament friendly team-sheet.
— Gary Lineker (@GaryLineker) June 4, 2014
(There’s always a first time, Gary)
I’m sure none of us would like our passport details to become public knowledge, as there is always a chance that an identity fraudster might take advantage of the information for their own malicious purposes.
Bad enough for you or me – but imagine how much more tempting it might be for criminals to exploit the information when it relates to somebody who earns £125,000 per week.
No doubt, however, most of those handsomely-paid players (on the English side at least, I have no idea what kind of salaries footballers command in Ecuador) will have a minion who can organise a new passport for them should it be felt to be required.
The English Football Association (FA) says the data leak is nothing to do with them, and pointed the finger of blame at the match’s organisers:
“It is a matter for the match organisers, the publication and distribution of the team sheets are their responsibility.”
This isn’t, of course, the first time that FIFA has been connected with an alleged security breach involving passport information.
In August 2010, the Norwegian newspaper Dagbladet claimed that the details of 250,000 fans who had attended the 2006 FIFA World Cup in Germany had been sold on to ticket touts, including the passport details of 35,689 UK ticket purchasers.
According to reports at the time, the alleged data leak was blamed on a rogue employee at FIFA’s official ticketing agency, although investigators from the UK’s Information Commissioner’s Office (ICO) later asserted that there was no evidence that British passport holders had been exposed.
For those who care about such things, the England-Ecuador match ended as a 2-2 draw.
But there were definitely losers: the players who had their personal information needlessly shared with the world via Twitter.
Author Graham Cluley, We Live Security