Cabinet Office served with £500k fine for New Year's honours data breach

13 December 2021

The Cabinet Office has been hit with a £500,000 by the UK’s data watchdog after the postal addresses of the 2020 New Year honours recipients were disclosed online.

The Information Commissioner’s Office (ICO) found officials failed to put in place “appropriate technical and organisational measures” to prevent the unauthorised disclosure of personal information in breach of data protection law.

Public figures who had their home addresses published on 27 December 2019 on the website included Sir Elton John, the cricketer Ben Stokes, NHS England’s then chief executive, Simon Stevens, the TV chef Nadiya Hussain and the former director of public prosecutions Alison Saunders. The inadvertently published list also included more than a dozen MoD employees and senior counter-terrorism officers.

The largest fine imposed by the ICO was a £20m punishment for British Airways following a hack of customer data in 2018. Marriott Hotels was fined £18.4m, also following a data breach.

A Cabinet Office spokesperson said: “The Cabinet Office would like to reiterate our apology for this incident … We take the findings of the Information Commissioner very seriously, and have completed an internal review as well as implemented a number of measures to ensure this does not happen again.”