Sign up to our newsletter
A common email mistake accidentally disclosed passport and visa details of 31 world leaders attending the G20 summit in Australia, the BBC reports.
The breach occurred when a staff member at Australia’s Department of Immigration accidentally emailed the details of 31 leaders to the organizers of the Asian Cup international soccer tournament, reports CNET. This means that personal information relating to the likes of Barack Obama, David Cameron, Vladimir Putin, Angela Merkel and Xi Jinping were leaked – albeit not publicly.
Though this happened last November, details are only just emerging now following a freedom of information request. The Guardian reports that the Australian authorities did not attempt to contact the leaders involved.
The freedom of information request resulted in the release of an email chain which explained exactly what happened, and how. “The personal information which has been breached is the name, date of birth, title, position nationality, passport number, visa grant number and visa subclass held relating to 31 international leaders (ie prime ministers, presidents and their equivalents) attending the G20 leaders summit,” reads the email.
“The cause of the breach was human error. [Redacted] failed to check that the autofill function in Microsoft Outlook had entered the correct person’s details into the email ‘To’ field. This led to the email being sent to the wrong person.”
“The matter was brought to my attention directly by [redacted] immediately after receiving an email from [the recipient] informing them that they had sent the email to the wrong person.
“The risk remains only to the extent of human error, but there was nothing systemic or institutional about the breach.”
There is a certain irony in the Australian government falling foul to such a simple security slip up. Earlier this year, the Australian Cyber Security Centre released a tongue-in-cheek informational video starring comedian Merrick Watts as a careless government spokesperson failing to follow his own (sensible) security advice to promote cybersecurity precautions.
The immigration officer responded to the breach notification by recommending those affected not be notified. “Given that the risks of the breach are considered very low and the actions that have been taken to limit the further distribution of the email, I do not consider it necessary to notify the clients of the breach,” she wrote.
Drop of Light / Shutterstock.com
Author Alan Martin, ESET