WASHINGTON,MARCH 31: The government of Australia accidentally disclosed personal information about President Obama and 30 other world leaders who traveled there last fall for a summit meeting, according to a report on Monday in The Guardian.
A document obtained by the British news organization shows that an official in the Australian immigration department mistakenly sent the information, which included passport numbers, in an email to an employee of an international sports committee. The email was quickly deleted, the document said.
A White House official said he could not confirm the security breach, which was reported to have occurred before the Group of 20 summit meeting last November in Brisbane. “We are looking into the incident, and we will take follow-up action to ensure the president’s privacy and security as appropriate,” said Patrick Ventrell, a spokesman for the National Security Council.
The immigration agency said in a statement that the breach was immediately referred to government authorities. “The data was immediately deleted by the recipient and was not distributed further,” the statement said. “The department has reviewed and strengthened its email protocols to limit and contain future breaches.”
In addition to Mr. Obama, the leaders whose information was disclosed included David Cameron of Britain, Xi Jinping of China, Angela Merkel of Germany, Narendra Modi of India, Shinzo Abe of Japan and Vladimir V. Putin of Russia. Australia did not inform the leaders, The Guardian reported.
The personal information included the leaders’ names, dates of birth, titles, positions, nationalities, passport numbers, visa grant numbers and visa subclass, according to an Australian government document detailing the episode and obtained by The Guardian. Most of that information is publicly available. The White House would not say whether it had changed the president’s passport number as a result of the breach, or if it would.
According to the document, the assistant director of the visa services support section of the Department of Immigration and Citizenship intended to send the information about the 31 leaders to another official “to assist in the department’s overall management of visas” for the G-20 summit meeting. Instead, because of the email program’s auto-fill feature, the message went to someone who worked for the organizing committee of the Asian Cup soccer tournament.
The mistake was noticed within 10 minutes, the document said, and the recipient deleted the email and then emptied his deleted items folder. The sports committee assured the Australian government that there was no record that the email had been forwarded or copied, and that it was not recoverable or stored elsewhere in its system.
“Given that the risks of the breach are considered very low and the actions that have been taken to limit the further distribution of the email, I do not consider it necessary to notify the clients of the breach,” the director of the visa section, who investigated the episode, wrote in the document.
“This was an isolated example of human error,” the director added, “but I will nonetheless take the opportunity to remind staff of their obligations in relation to private client data and how to treat this.”