Personal Information of 31 World Leaders Leaked in Email

The personal details of the 31 world leaders who attended the G20 summit in Brisbane, Australia last year were leaked prior to the event in November, it has emerged, when an email meant to be sent to a colleague within the Australian Department of Immigration and Border Protection was accidentally sent to the organizers of the Asian Cup football tournament.

In an email sent on November 7 and entitled "URGENT: Privacy Breach," the director of the Department's Visa Services Support and Major Events section asked for "urgent advice from the Privacy Commissioner given the sensitivities involved," and went on to explain that "an email was sent on 7 November 2014 containing the personal information, including passport details and visa status, of Leaders coming to the G20 Leaders' Summit."

The email to the Privacy Commissioner reveals that a member of the department accidentally sent the email to a person working for the Asian Cup Local Organizing Committee, having failed to check the auto-fill function on their account before sending it. The recipient later emailed back "less than ten minutes after," informing the sender of their mistake, and that he had deleted the email from his folders. 

"The personal information which has been breached is the name, date of birth, title, position, nationality, passport number, visa grant number and visa subclass held relating to 31 international leaders (ie, Prime Ministers, Presidents and their equivalents) attending the G20 Leaders Summit on November 15-16, 2014."

"The Asian Cup Local Organizing Committee does not believe the email to be accessible, recoverable or stored anywhere else in their systems," said the email. "Given that the risks of the breach are considered very low and the actions that have been taken to limit the further distribution of the email, I do not consider it necessary to notify the clients of the breach."

The decision not to notify the leaders that their details had been leaked could be in contravention of privacy laws in several of their countries; data protection laws in Britain, France and Germany stipulate that those affected must be informed of any breach of their personal details. 

In their email informing of the breach, the Visa Services manager said they "will also reinforce the need to double check email recipients before sending emails." A statement on Monday from the Department of Immigration and Border Protection said that "the department has reviewed and strengthened its email protocols to limit and contain future breaches."