Skip to content
Naked Security Naked Security

Celebrity addresses posted online in New Year’s Honours List leak

Too much information.

The UK Cabinet Office just published its latest list of civilian honours that recognise members of the public who are considered to have made a major contribution in fields such as arts, science, medicine, sport or government.

Unfortunately, according to the Guardian newspaper, when the New Year 2020 list was first published, late on the evening of Friday 27 December 2019, it included the home address, work address and full postcode of many the recipients, rather than just the general area where they are based.

The awards include the prestigious Companion of Honour; Knighthoods and Damehoods (awards similar to the US Presidential Medal of Freedom); and a range of other recognitions such as CBE, OBE and MBE – letters that you have probably seen written after the names of famous British people.

Being public awards, the Honours Lists are, of course, a matter of public record, and the full names of the recipients can be downloaded from the UK Government website.

The list usually gives a general idea where each recipient lives, limited to a region (e.g. East Sussex), a city (e.g. Edinburgh) or a postcode district in London (e.g. SW4).

But the Guardian says it was contacted by a reader who downloaded the list shortly after it first appeared, saw full addresses instead of general locations, and realised something was wrong.

The inadvertent leak has caused some consternation in official circles because the award winners include people involved in policing, defence, the judiciary and counter-terrorism.

The good news is that the offending document was replaced online very quickly – apparently within one to two hours – though we don’t yet know how many people downloaded it in its original format.

The Cabinet Office has reported itself to the UK’s data breach authority, the Information Commissioner’s Office (ICO).

The ICO, says the Guardian, has noted that: “In response to reports of a data breach involving the Cabinet Office and the new year honours list, the ICO will be making inquiries.”

Featured image of Bath Star thanks to R. de Salis via Wikipedia.


Get rid of Mark Sedwill, the Cabinet Secretary. He had an equally disastrous security record when he was Permanent Secretary at the Home Office under Theresa May.


Where is AI when you need it? This is as egregious as the Valerie Plame affair. As soon as she was “outed” by a Bush sycophant, every person she had talked to overseas came under suspicion.


Hi Paul, thank you for posting through Christmas and new year’s!! I really appreciate being able to read your posts. Happy New Year!


Thanks! (Every day is the anniversary of the same day a year ago :-)


Except the 29th February 2020 as its a leap year…


Ah. Good point. Also, consider, in the UK and what soon afterwards became the USA, at least (other countries switched much earlier):

duck@slack$ cal 09 1753
September 1753
Su Mo Tu We Th Fr Sa
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
duck@slack$ cal 09 1752
September 1752
Su Mo Tu We Th Fr Sa
1 2 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30

And in 2011, the country of Samoa switched its timezone from UTC-12 to UTC+12 (so its working week matched that in Oz and NZ instead of the US) by skipping 2011-12-30!

True story:

I stand corrected, both by you and by myself.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!