The personal details of all 20 leaders at the recent G20 summit in Australia have been accidentally leaked by the Australian immigration department. Despite being notified of the high-profile breach four months ago, it neglected to inform anyone.
The details included passport numbers, visa details and other particulars of each leader at the summit. The peculiar thing is they were sent to the organizers of the Asian Cup football tournament, the Guardian has revealed.
The mishap was caused by an employee who inadvertently caused the leak, which involved the Russian, American, British, German, Chinese leaders, among others. It remains unclear if any of the leaders was notified.
On November 7, the Australian privacy commissioner was notified of the breach in an email from the director of visa services at Australia’s Department of Immigration and Border Protection, which sought critical advice on dealing with the situation. According to the letter, obtained by the Guardian through Australia’s freedom of information laws, the whole thing was hushed without further mention.
— Jane Wardell (@TheJaneWardell) November 15, 2014
“The personal information which has been breached is the name, date of birth, title, position nationality, passport number, visa grant number and visa subclass held relating to 31 international leaders (i.e. prime ministers, presidents and their equivalents) attending the G20 leaders’ summit,” wrote the director of visa services, attributing the breach to “human error.”
The officer who made the mistake “failed to check that the autofill function in Microsoft Outlook had entered the correct persons’ details into the email ‘To’ field. This led to the email being sent to the wrong person,” the email continued.
According to the letter, the office was then notified by the Asian Cup that it had mistakenly been sent the email containing the sensitive details.
Things took a turn for the weird after that. Explaining that it was “unlikely that the information is in the public domain,” the official was convinced that any risks were minimal.
“Whilst the recipient is not a professional body or other institution which might have a professional or legal obligation to treat the data in one way or another, there is nothing to suggest that he would deal with it inappropriately, not least of all because of the limited information that has been disclosed and the fact that the unintended recipient immediately contacted the department to report receipt of the email.”
There was also allegedly nothing to suggest that there was further risk, because the Asian Cup body “deleted” the emails in the trash folder.
“Given that the risks of the breach are considered very low and the actions that have been taken to limit the further distribution of the email, I do not consider it necessary to notify the clients of the breach,” the official continued.
When the Guardian reached out to the immigration office for comment on whether the leaders had themselves been notified, it did not receive a reply. The immigration minister’s office also declined to respond.
This is not the best time for Australia to be embroiled in such a high-profile case of negligence, given the fresh data retention laws that just days ago passed both houses of parliament.
The bill proposes that the country’s communications providers be forced to store personal client data – just the latest step in the Australians’ beefing up their security measures amid a rise in threats of extremist activity on their soil.
Privacy advocates fear that the new measures are guaranteed to be misused by the government. And given Australian population’s firm status among the heavyweights of illegal downloading and copyright infringement, some fear the application of the laws could spread beyond tackling terrorism.
“There are a few red faces in Australia from this because Australian government is emphasizing the importance of data security. The impact of actual data is not going to be great. The significance is that the leaders were not told about it. It was not deemed essential that they be told – it was kept within the immigration circles. This kind of situations happen. The Abbott government has a very peculiar attitude to data retention,” Binoy Kampmark, a lecturer at the RMIT University in Melbourne, told RT.