More than 1,000 celebrities, government employees and politicians who received honours in the new year list have had their home and work addresses posted on a government website, the Guardian can reveal.
The accidental disclosure of the tranche of personal details is likely to be considered a significant security breach, particularly as senior police and Ministry of Defence staff were among those whose addresses were made public.
Many of the more than a dozen MoD employees and senior counter-terrorism officers who received honours had their home addresses revealed, along with countless others who may believe the disclosure has put them in a vulnerable position.
Prominent public figures including the musician Elton John, the cricketer Ben Stokes, NHS England’s chief executive, Simon Stevens, the politicians Iain Duncan Smith and Diana Johnson, TV chef Nadiya Hussain, and the former director of public prosecutions Alison Saunders were among those whose home addresses were published.
Others included Jonathan Jones, the permanent secretary of the government’s legal department, and John Manzoni, the Cabinet Office permanent secretary.
A member of the public contacted the Guardian after downloading a spreadsheet from the government website page where the 2020 new year honours list – which was drawn up and approved during Theresa May’s premiership – was posted.
It is thought the document seen by the Guardian, which contains the details of 1,097 people, went online at 10.30pm on Friday and was taken down in the early hours of Saturday.
However, the vast majority of people on the list had their house numbers, street names and postcodes included.
A Cabinet Office spokesperson apologised for the error and said it had reported itself to the Information Commissioner’s Office.
“A version of the new year honours 2020 list was published in error which contained recipients’ addresses,” the spokesperson said.
“The information was removed as soon as possible. We apologise to all those affected and are looking into how this happened. We have reported the matter to the ICO and are contacting all those affected directly.”
Experts said the nature of the breach made it difficult to remedy. “This could be catastrophic,” said prominent data rights lawyer Ravi Naik. “It is hard to put the information genie back in the bottle once it’s out. This quite sensitive data will spread like a virus and is extremely difficult to remedy.
“There is also a security risk to Ministry of Defence staff and I hope the Cabinet Office will be taking steps to remedy that. But you can’t get everyone to move house.”
He welcomed the fact that the Cabinet Office hadcontacted the ICO and would be informing those affected.
Naik said: “It’s important to find out how many times that list was downloaded. You would hope they are taking appropriate steps to limit the damage and work backwards from who downloaded the list.”
The Cabinet Office is responsible for supporting the National Security Council and the Joint Intelligence Organisation. It coordinates the government’s response to crises and manages the UK’s cybersecurity.
The ICO said: “In response to reports of a data breach involving the Cabinet Office and the new year honours list, the ICO will be making inquiries.”
