The UK Cabinet Office just published its latest list of civilian honours that recognise members of the public who are considered to have made a major contribution in fields such as arts, science, medicine, sport or government.
Unfortunately, according to the Guardian newspaper, when the New Year 2020 list was first published, late on the evening of Friday 27 December 2019, it included the home address, work address and full postcode of many the recipients, rather than just the general area where they are based.
The awards include the prestigious Companion of Honour; Knighthoods and Damehoods (awards similar to the US Presidential Medal of Freedom); and a range of other recognitions such as CBE, OBE and MBE – letters that you have probably seen written after the names of famous British people.
Being public awards, the Honours Lists are, of course, a matter of public record, and the full names of the recipients can be downloaded from the UK Government website.
The list usually gives a general idea where each recipient lives, limited to a region (e.g. East Sussex), a city (e.g. Edinburgh) or a postcode district in London (e.g. SW4).
But the Guardian says it was contacted by a reader who downloaded the list shortly after it first appeared, saw full addresses instead of general locations, and realised something was wrong.
The inadvertent leak has caused some consternation in official circles because the award winners include people involved in policing, defence, the judiciary and counter-terrorism.
The good news is that the offending document was replaced online very quickly – apparently within one to two hours – though we don’t yet know how many people downloaded it in its original format.
The Cabinet Office has reported itself to the UK’s data breach authority, the Information Commissioner’s Office (ICO).
The ICO, says the Guardian, has noted that: “In response to reports of a data breach involving the Cabinet Office and the new year honours list, the ICO will be making inquiries.”
Featured image of Bath Star thanks to R. de Salis via Wikipedia.
_in_1935.jpg){kind=link}
Terry
Get rid of Mark Sedwill, the Cabinet Secretary. He had an equally disastrous security record when he was Permanent Secretary at the Home Office under Theresa May.
rrogers31
Where is AI when you need it? This is as egregious as the Valerie Plame affair. As soon as she was “outed” by a Bush sycophant, every person she had talked to overseas came under suspicion.
R. Dale Barrow
Somebody wasn’t in the Christmas spirit. You’re supposed to make your list and check it *twice*. :)
Tara
Hi Paul, thank you for posting through Christmas and new year’s!! I really appreciate being able to read your posts. Happy New Year!
Paul Ducklin
Thanks! (Every day is the anniversary of the same day a year ago :-)
Alginald
Except the 29th February 2020 as its a leap year…
Paul Ducklin
Ah. Good point. Also, consider, in the UK and what soon afterwards became the USA, at least (other countries switched much earlier):
duck@slack$ cal 09 1753
September 1753
Su Mo Tu We Th Fr Sa
1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30
duck@slack$ cal 09 1752
September 1752
Su Mo Tu We Th Fr Sa
1 2 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
And in 2011, the country of Samoa switched its timezone from UTC-12 to UTC+12 (so its working week matched that in Oz and NZ instead of the US) by skipping 2011-12-30!
True story:
https://nakedsecurity.sophos.com/2011/12/30/samoa-to-move-to-other-side-of-world/
I stand corrected, both by you and by myself.