Top civil servants have leaked personal details in error
SOME of Britain’s top civil servants have accidentally exposed their personal contact details online through their mistaken use of a government project management website.
A Telegraph investigation found that some civil servants – including Downing Street’s head of cross-government business engagement at the Prime Minister’s office and a senior private secretary to Crawford Falconer, Britain’s chief trade negotiator – have accidentally leaked their telephone numbers and personal email addresses online.
The leak leaves the senior government figures vulnerable to hacking attacks, which target personal email accounts rather than more secure government systems, experts say.
A cyber security specialist said that the data leaked online was “very valuable” to hackers or intelligence agencies targeting government employees.
The data leak resulted from the government’s misuse of a project management website called Trello, which is widely used in Whitehall by officials.
Government departments, including the Home Office and Cabinet Office, used Trello to communicate and store files, but accidentally made dozens of pages public and accessible to anyone with access to Google search.
One page that has been available for anyone to find through a simple internet search since 2014 was a database of contact information for a number of senior civil servants.
It was created to organise a fundraiser and included the names, work and personal email addresses and phone numbers of civil servants in departments such as the Home Office, Cabinet Office, the Department for International Trade and the Ministry of Justice.
Hackers looking to gain access to government systems use as much data as possible to work out the best way to obtain login information. The leak of personal email addresses gives them a valuable way to to contact targets.
There’s no suggestion that the government’s misuse of Trello has led to any hacking incidents, but the data leak highlights the problems that misuse of such websites can cause.
In June, a Trello spokesman said: “We have put many safeguards in place to make sure that public boards are being created intentionally and have clear language around each privacy setting, as well as persistent visibility settings. It is up to users to correctly establish their own privacy settings on the site.”
The Sunday Telegraph reported yesterday that several departments have accidentally made internal files and emails public. Leaked documents included how to obtain security passes, as well as communications with MI5 and counter-terrorism officials.
A Cabinet Office spokesman said: “We take data protection very seriously, and impress upon all government departments to exercise best practice and implement suitable measures to ensure data is secure when using platforms such as Trello boards.”