Fears leaked New Year’s Honours addresses have already been sold on the dark web – as ex-Civil Service leader slams ‘serious and extraordinary’ data breach
- Lord Kerslake has demanded an urgent investigation into the massive data leak
- Police officers are scouring the dark web to see if it has been traded
- The Cabinet Office could face a fine of up to £17million if it broke data rules
The leak of more than 1,000 addresses of people on the New Year’s Honours list was slammed as a ‘serious and extraordinary breach’ by a former Civil Service boss yesterday.
Lord Kerslake has demanded an urgent investigation into the accidental publication of the confidential information by the Cabinet Office.
His intervention comes amid fears that home addresses of celebrities, MI5 officers, police and military officials who received new year honours are already for sale on the dark web.
Sir Elton John, Bake Off winner Nadiya Hussain and TV presenter Gabby Logan are among those affected.
Sir Elton John and Great British Bake Off winner Nadiya Hussain are among those affected by the huge data leak
Experts involved in the response to last year’s Salisbury poisonings had their addresses published, putting them at risk of Russian retaliation.
The Cabinet Office, which is responsible for the UK’s National Cyber Security Strategy, could face a fine of up to £17million if it is found to have broken data rules.
The mistake happened at 10.30pm on Friday when officials uploaded a spreadsheet listing 1,097 recipients of awards to the gov.uk website. It was only supposed to include the county where they live as well as their name, role, and honour awarded. But it actually included their exact addresses.
The highly sensitive document was left online for around an hour before managers deleted it.
Gabby Logan’s address was included in the leak
But the boss of a computer software company said a version of the list could be found on the internet for a further five hours – giving criminals plenty of time to download it.
Police officers and intelligence officials are understood to be scouring the dark web to see if the address document is being secretly traded by criminals.
Lord Kerslake, who was head of the Civil Service from 2012 to 2014, said an investigation was needed.
‘It’s a serious and indeed extraordinary breach because this is a well-established process that has gone on in pretty much the same way for years. I think an urgent investigation is certainly needed,’ he told the BBC.
Lord Kerslake has led calls for an inquiry after the Cabinet Office apologised, saying it had reported its error to the Information Commissioner’s Office and contacted ‘all those affected directly’. He added: ‘We need to know how well staff were trained about the importance of maintaining security. Were they briefed on the potential consequences if this information was released?’
High-profile law-enforcement names on the list include controversial former Director of Public Prosecutions Alison Saunders and ex-Thames Valley Chief Constable Francis Habgood.
Lord Kerslake (pictured), who was head of the Civil Service from 2012 to 2014, said an investigation was needed
Mr Habgood, 55, who retired this year, was head of counter-terrorism policing in the South East, which investigated the March 2018 poisoning attack on former double agent Sergei Skripal and his daughter Yulia in Salisbury.
He received a knighthood in the Honours list.
An expert at the Defence Science and Technology Laboratory, which was also heavily involved in the investigation and clean-up operations in Salisbury, had his address published.
Others on the list included the head of Royal and VIP security at the Home Office, a policy lead in the Office of Security and Counter Terrorism, and the Defence Secretary’s chief of staff.
Richard Walton, who headed anti-terror operations at Scotland Yard until 2016, told the Sunday Times that extra security must be considered for those in sensitive posts, adding: ‘The release of private addresses of these individuals into the public domain will be a threat.’