Cabinet Office works to manage fallout of honours data leak calamity
Security advice reportedly offered to those whose details were leaked – which included celebrities such as Ben Stokes and Nadiya Hussain
Credit: Matt Crossick/PA Wire/PA Images
Government officials are offering security advice and guidance to the victims of the New Year Honours data leak after the Cabinet Office published the addresses of recipients.
It is understood that civil servants from different departments are working across government in a bid to ensure that any potential risks to individuals are minimised.
The private addresses of hundreds of high-profile individuals and senior officials, ranging from Sir Elton John (pictured above) to the Cabinet Office’s own newly knighted permanent secretary John Manzoni, were leaked online when the honours list was first published last Friday.
One of those affected, former cabinet minister Iain Duncan Smith, said: “Ministers need to be asking some very serious questions of those involved about how this was allowed to happen and why no final checks were carried out before the document was published."
The former work and pensions secretary, who was knighted in the latest honours list, dubbed the leak a "complete disaster."
- GDPR blamed for doubling of Whitehall’s recorded data breaches
- ICO consults on new data-sharing guidance
- Life hacks – a year at the National Cyber Security Centre
He added: “Everybody knows virtually everything about me. It's much more concerning for private citizens, like those who have been involved in policing or counter-terrorism or other such sensitive cases, to have their addresses published."
Lord Bob Kerslake, a former head of the civil service, called the leak “a serious and indeed extraordinary breach”, given that details about New Year honours recipients is published annually.
“This is a well-established process that has gone on in pretty much the same way for years, so I think an urgent investigation is certainly needed.”
While the leak is “likely to be human error” there are questions over how well staff were trained about the importance of maintaining security, he said.
The Cabinet Office is not commenting on the security advice being given to people whose addresses were made public.
In a statement, a Cabinet Office spokesperson said: "A version of the New Year Honours 2020 list was published in error which contained recipients' addresses. The information was removed as soon as possible. We apologise to all those affected and are looking into how this happened.”
They added: "We have reported the matter to the Information Commissioner’s Office and are contacting all those affected directly."
The ICO has begun an investigation into the leak. In a tweet, it said: “In response to reports of a data breach involving the Cabinet Office and the NY Honours list, the ICO will be making enquiries.”
If the government is found to have breached the General Data Protection Regulation, it could face a fine.
Conservative MP Sir Bernard Jenkin, the former chairman of the public administration and constitutional affairs select committee, said yesterday that “the civil service will be agonising over how this happened. There will clearly be an investigation to establish exactly who decided what. They must publish the findings as soon as possible."
He added that it is "far more important to find out how the mistake was made than to find one individual to punish because it is likely that there was miscommunication or a misunderstanding or an innocent oversight rather than gross negligence or even malice.”
This article originally appears on PublicTechnology sister publication Civil Service World
We are approaching the fourth anniversary of the foundation of the NCSC and the threats it was created to respond to loom larger than ever. PublicTechnology examines the growth of the UK’...
A major government-commissioned study found that about half of UK organisations are lacking basic security skills. PublicTechnology talks to the researchers behind it to find out where...
Cabinet Office minister said that, despite the controversy that often surrounds the PM’s top adviser, ‘people are interested in Dominic and his ideas’
New initiative will seek to gain views of people aged 13 to 25
PublicTechnology talks to Rich Turner about why organisations need to adopt a ‘risk-based approach’ to security – but first make sure they get the basics right
CyberArk's David Higgins explores the cyber risks of hiring independent contractors
CyberArk's John Hurst looks at the true cost of GDPR breaches