The Information Commissioner’s Office fined the U.K. government £500,000 for disclosing details of the recipients of its so-called New Year Honours — which reportedly included Elton John and the former leader of the Conservative Party Iain Duncan Smith, the regulator said Thursday.
The fine comes after the U.K. Cabinet Office published a file online containing the names and unredacted addresses of more than 1,000 people in the Honours list, which is a roll of Brits who have excelled in their field announced by the government at the start of every year.
“The Cabinet Office’s complacency and failure to mitigate the risk of a data breach meant that hundreds of people were potentially exposed to the risk of identity fraud and threats to their personal safety,” Steve Eckersley, the ICO’s investigations director said in a statement.
The ICO said the data, which the Independent reported included Elton John’s and Duncan Smith’s details, was online for 21 minutes and accessed 3,872 times.
A Cabinet Office spokesperson said: “The Cabinet Office would like to reiterate our apology for this incident. We took action to mitigate any potential harm by immediately informing the Information Commissioner and everyone affected by the breach.”
The spokesperson added: “We take the findings of the Information Commissioner very seriously, and have completed an internal review as well as implemented a number of measures to ensure this does not happen again. This includes a review of the overall security of the system, information management training and improving internal processes for how data is handled by the honours team.”
Source: Politico