The personal information of 31 international leaders, including President Barack Obama, was accidentally leaked during the G20 Summit last November. The cause: An autofill error made by a member of the Australian immigration department, who sent an email containing the leaders' passport information to the wrong address.
Oof.
The Guardian reports that the email, which contained information such as names, titles, dates of birth, and passport and visa numbers, was accidentally sent to organizers of the Asian Cup soccer tournament. Cup organizers believed the email was stored securely and was not accessible or recoverable by any other systems.
"The cause of the breach was human error. [Redacted] failed to check that the autofill function in Microsoft Outlook had entered the correct person’s details into the email ‘To’ field. This led to the email being sent to the wrong person," an email sent to the Australian privacy commissioner's office, obtained by The Guardian, explained.
Given the nature of the data leak (it wasn't automated or a dedicated attack, and the risk of the information being further transmitted was considered quite low), the Australian privacy commissioner suggested refraining from informing world leaders of the leak at the time. Data breach notification laws vary from country to country, so withholding that information could have violated laws in some countries.
White House Deputy Press Secretary Eric Schultz told reporters Monday that the administration is examining the reports and it will “take all appropriate steps necessary to ensure the privacy and security of the President’s personal information.”
In the meantime, this serves as an important reminder to double-check the "To" field of your email before hitting the "Send" button.
AdvertisementADVERTISEMENT