The Home Office has admitted to a major data security blunder by publishing personal information pertaining to 1,598 illegal immigrants on its website for two weeks.

The Home Office has admitted to leaking the personal data of 1,598 illegal immigrants on its website for two weeks.
The Home Office has admitted to leaking the personal data of 1,598 illegal immigrants on its website for two weeks. (Reuters)

The data was available between 15-28 October in a spreadsheet on a webpage dealing with the immigration family returns process.

The spreadsheet was freely available to download, listing names, dates of birth and some limited details about the individuals' immigration case type and status.

The Home Office says that there were less than 30 visits to the webpage, which was removed immediately by the department when they realised the mistake on 28 October.

"It has not been possible to ascertain whether those who visited the webpage went on to open the data sheet in question or accessed the part of the data sheet which contained the personal information," said the Minister for Immigration Mark Harper in a statement.

"Measures have been put in place to prevent a recurrence of the error and verify that no similar error has previously taken place."

Investigation

The Home Office has informed the Information Commissioner's Office and is currently undertaking an internal investigation into the matter. It is also notifying the individuals whose data was exposed on the website.

In late October, the Ministry of Justice was fined £140,000 after personal data of over 1,000 Cardiff prison inmates was accidentally emailed to the families of three prisoners.

"There already exists a Government Protective Marking Scheme (GPMS) which requires all UK Government and public sector organisations to apply security classifications to information assets, so for the incident in question the data should have had a security label applied," Martin Sugden, the CEO of secure information exchange provider Boldon James told IBTimes UK.

"There are numerous technologies such as DLP and Data Classification solutions which, if combined as part of a layered security approach, could have stopped this incident from occurring in the first place."