Addresses of honours list stars are published online by bungling officials

The home addresses of celebrities, counter-terrorism experts and senior police on the New Year’s Honours List have been exposed in a shocking security blunder by the Government.

It is feared that the ‘disastrous’ breach of confidential information could be exploited by kidnappers, spies and terrorists.

The home details of more than 1,000 people who are due to be honoured were accidentally put up online by the Cabinet Office. Pop star Sir Elton John, Bake Off winner Nadiya Hussain and England cricket hero Ben Stokes are among those affected. As the serious error yesterday sent shockwaves through Whitehall, it emerged that:

Nadiya Hussain, 35, who rose to stardom after winning the 2015 Great British Bake Off

Sir Elton John reflected on his disbelief at enjoying the most successful year of his life at 72 but may now face security concerns (left); Nadiya Hussain, 35, who rose to stardom after winning the 2015 Great British Bake Off was awarded an MBE (right)

  • Experts involved in the response to last year’s Salisbury poisonings had their addresses published, putting them at risk of Russian retaliation;
  •  Police are preparing to give security briefings to those feared to be most at risk;
  • Former Cabinet Minister Iain Duncan Smith branded the error a ‘disaster’ after his home address was published;
  •  The Government could be hit by a huge fine by the Information Commissioner’s Office for the data breach.

Police officers and intelligence officials were last night understood to be scouring the dark web to see if the address document is being secretly traded by fraudsters or other criminals.

Whitehall experts say three or four people were likely to have been directly involved in the process of uploading the New Year’s Honours documents to the Government’s official website when the blunder occurred.

The Cabinet Office has launched an internal investigation to identify those responsible.

Mr Duncan Smith, the former Works and Pensions Secretary who was awarded a knighthood, told The Mail on Sunday: ‘This is a disaster, particularly for those who do not have high public profiles but who do incredibly brave work in areas such as counter-terrorism. It is not fair on those whose safety and security is a matter of concern.’ 

Iain Duncan Smith, the former Works and Pensions Secretary who was awarded a knighthood, told The Mail on Sunday: ‘This is a disaster'

ex-Thames Valley Chief Constable Francis Habgood

Iain Duncan Smith, (left) the former Works and Pensions Secretary who was awarded a knighthood, told The Mail on Sunday: ‘This is a disaster’. The homes of high profile law-enforcement were also exposed including ex-Thames Valley Chief Constable Francis Habgood (right)

The ex-Tory leader received death threats and had his constituency office vandalised during the Election campaign.

Ex-Security Minister Lord West said: ‘It’s obviously a major cock-up. I am amazed that there weren’t procedures in place that would stop something like this happening. It’s very serious when you have got a name of somebody and their post and their home address.’

The mistake happened at 10.30pm on Friday when officials uploaded to the website a spreadsheet listing 1,097 recipients of awards. It was only supposed to include the county where they live as well as their name, role, and honour awarded. But it somehow included their exact addresses.

The highly sensitive document was left online for close to an hour – giving plenty of time for criminals to download it – before horrified managers had it deleted.

Simon Winch, a sustainability manager who works in London, was among those who were able to access the sensitive information.

‘I clicked on the link on the website at around 11pm on Friday and the spreadsheet opened up,’ he said.

‘At first I thought everyone on the list had given their permission to publish their personal addresses. But then I saw that some quite sensitive names were on there.’

Cricketer Ben Stokes capped his remarkable year with an OBE

By yesterday morning, it was being discussed on social media and police fear it will have quickly become the talk of the criminal underworld. One senior officer told The Mail on Sunday: ‘There will be some work to see how many times the page was visited and how many times the document was downloaded. But there will also be work ongoing on the dark web to see if it is being offered for sale to criminals or terrorists.’

The officer added: ‘Anyone who is on the list and thought to be a raised threat will be visited by police and given security advice. It is not just about counter-terrorism – there could be a kidnap threat to wealthy individuals.’

The document gives the full or partial home addresses of a host of household names including TV chef Nadiya Hussain, broadcaster Gabby Logan, cricketer Ben Stokes and Sir Elton.

Embarrassingly, it also includes head of the Civil Service, John Manzoni, and a key aide to the Prime Minister, although he or she was not named. Paul Foster, the boss of the Sellafield nuclear site, also had his address published.

High-profile law-enforcement names on the list include controversial former Director of Public Prosecutions Alison Saunders and ex-Thames Valley Chief Constable Francis Habgood.

Mr Habgood, 55, who retired this year, was head of counter-terrorism policing in the South-East, which investigated the March 2018 poisoning attack on former double agent Sergei Skripal and his daughter Yulia in Salisbury.He received a knighthood in the Honours List.

A senior expert at the Defence Science and Technology Laboratory, which was also heavily involved in the investigation and clean-up operations in Salisbury, had his address published. So too did an expert in responding to chemical incidents at the Department for Environment, Food and Rural Affairs.

Top mandarins and quango bosses such as Simon Stevens, chief executive of NHS England, and former Ofcom boss Sharon White also had their addresses shown to the world.

There is particular concern at the inclusion of the addresses of a number of less well-known public servants who carry out important security work and have now seen their own safety threatened by the Government they work for.

These include the head of Royal and VIP security at the Home Office, a policy lead in the Office of Security and Counter Terrorism, and the Defence Secretary’s Chief of Staff.

Martin Hewitt, chairman of the National Police Chiefs’ Council, said: ‘The accidental publication of addresses belonging to New Year’s Honours recipients is a serious mistake.’

Gabby Logan who has received a MBE in the New Year’s Honours List and was affected by the address leak

John Apter, chairman of the Police Federation of England and Wales, which represents rank-and-file officers, said: ‘Those who have received awards will unsurprisingly be angered and concerned about this significant breach of their personal data.’ A number of prison and probation bosses also had their addresses published, putting them at risk of reprisals from former inmates.

An official in the Northern Ireland Security Guard Service (NISGS), which protects military establishments in the province where the terrorist threat remains severe, was also caught up in the mistake. NISGS officers are armed on duty and still take extensive security precautions because of the threat from dissident republicans.

Eamon Keating, chairman of the Defence Police Federation, which represents MoD Police officers who work alongside the NISGS, said ‘significant and real security risks’ remain in the province. He added: ‘Individuals working for the police or security services are still checking their cars every day, altering their routes to work.

‘If it were one of my officers I would be seriously concerned about the security implications of having their home address published, even if only for a short period of time.’

General Lord Dannatt, a former head of the Army, said: ‘What is really unfortunate is that this is handing information on a plate to people who might wish to do ill to others.’ Professor Michael Clarke, former director-general of the Royal United Services Institute think-tank, said: ‘This goes way beyond mere embarrassment. For it to involve the details of people in the business of counter-terrorism, chemical warfare protection, state resilience or state security… is genuinely serious and has got to be regarded as completely unacceptable.’

The Cabinet Office confirmed: ‘A version of the New Year’s Honours 2020 list was published in error which contained recipients’ addresses. The information was removed as soon as possible. We apologise to all those affected and are looking into how this happened. We have reported the matter to the ICO and are contacting all those affected directly.’

The ICO would only say: ‘In response to reports of a data breach involving the Cabinet Office and the Honours List, the ICO will be making enquiries.’