Australian Immigration Department in World Leaders' Security Breach

15 April 2015


The personal details of world leaders including Cameron, Merkel, Modi, Obama and Putin, were accidentally sent to Asian Cup football tournament organisers. Despite the security breach, the Australian Immigration Department did not deem it necessary to inform world leaders of the incident.

In an exclusive report published by the Guardian newspaper, it was revealed that an employee of Australia's immigration agency sent passport numbers, visa details and other personal information of all the world leaders attending the G20 summit in Brisbane on November 7, 2014, to Asian Cup organisers.

Attendees affected were World Leaders

The details of attendees of the G20 summit including United States President, Barack Obama, the Russian President, Vladimir Putin, the German Chancellor, Angela Merkel, the Chinese President, Xi Jinping, the Indian Prime Minister, Narendra Modi, the Japanese Prime Minister, Shinzo Abe, the Indonesian President, Joko Widodo, and the British Prime Minister, David Cameron, were among those whose details were revealed in error.

Breach revealed to Australia Privacy Commissioner

The director of the visa services division of Australia's Department of Immigration and Border Protection contacted the Australian Privacy Commissioner to seek "urgent advice" of the breach.

Correspondence sent to the privacy commissioner's office via email was acquired under Australia's freedom of information laws. The email reveals that the breach was the fault of an employee who mistakenly emailed a member of the local organising committee of the Asian Cup, which took place in January 2015.

Email contained personal information

The email from the immigration officer who provided details of the breach stated the following:

"The personal information which has been breached is the name, date of birth, title, position nationality, passport number, visa grant number and visa subclass held relating to 31 international leaders (i.e. prime ministers, presidents and their equivalents) attending the G20 leaders summit.

The cause of the breach was human error. [Redacted] failed to check that the autofill function in Microsoft Outlook had entered the correct person's details into the email 'To' field. This led to the email being sent to the wrong person.

The matter was brought to my attention directly by [redacted] immediately after receiving an email from [the recipient] informing them that they had sent the email to the wrong person.

The risk remains only to the extent of human error, but there was nothing systemic or institutional about the breach."

The officer who wrote the email also explained that the personal details are 'unlikely to be in the public domain' and stated that the absence of other personal identifiers 'significantly limited' the risk of the breach. The unintended recipient of the email had promptly deleted it and emptied their deleted items folder.

World leaders unaware of security breach

The immigration officer in the email went onto to advise Australian authorities not to reveal to World leaders about the breach in security relating to their personal information. The officer wrote: "Given that the risks of the breach are considered very low and the actions that have been taken to limit the further distribution of the email, I do not consider it necessary to notify the clients of the breach."

The recommendation not to disclose the breach to world leaders may be in breach of privacy laws in some of the countries whose leaders were affected by the breach. Britain, Germany and France all require those affected by data breaches to be notified. However, as this happened in Australia this may not be relevant.

Unclear if Australian immigration notified World leaders of breach

It is unclear if the Australian Immigration Department did subsequently notify the world leaders involved of the breach.

Perhaps not surprisingly, the office of the Australian Immigration Minister, Peter Dutton, was reluctant to answer questions.

Tanya Plibersek, Australia's deputy opposition leader, was quick to capitalise on the blunder. She immediately called for Prime Minister, Tony Abbott, to give an explanation as to why world leaders were not notified of the situation.

She said: "The prime minister and the immigration minister must explain this serious incident and the decision not to inform those affected."

Embarrassment to Australia Immigration

More embarrassing for the Australian government is that revelations of this gaffe come just one week after controversial, mandatory data retention laws were passed.

Greens Senator, Sarah Hanson-Young said: "Only last week the government was calling on the Australian people to trust them with their online data, and now we find out they have disclosed the details of our world leaders. This is another serious gaffe by an incompetent government."

Previous Australia Immigration Data Breach

The latest revelation regarding massive data breach in Australia is actually nothing new. It's immigration department is also the culprit for the country's biggest ever data breach by a government agency; the personal details of nearly 10,000 people in detention – most of whom were asylum seekers – became available in a publicly accessible file on the agency's website.

Workpermit.com Australian Immigration Visa Services:

Australia has a number of skilled immigration visa schemes. workpermit.com can help. Call the workpermit.com London office on 0344 991 9222 for further details.

Written by Daniel Waldron and Sanwar Ali

Edited by Sanwar Ali