A list of more than 1,000 addresses of New Years Honours recipients, including those of senior police officers and politicians, has been accidentally published by the government.
The file was uploaded to the official website, but has since been removed.
The Cabinet Office told the BBC: “We apologise to all those affected and are looking into how this happened.”
Among the addresses are those of Sir Elton John and former director of public prosecutions Alison Saunders.
Also on the list of 1,097 honours recipients are high-profile names such as cricketer Ben Stokes, former Conservative Party leader Iain Duncan Smith, TV cook Nadiya Hussain, and former Ofcom boss Sharon White.
A government spokesman said: “A version of the New Year Honours 2020 list was published in error which contained recipients’ addresses.
“The information was removed as soon as possible.
“We have reported the matter to the ICO [Information Commissioner’s Office] and are contacting all those affected directly.”
The ICO, which has the power to fine organisations for data breaches, said it will be “making enquiries”.
‘Much depends on the attitude of those affected’
There is no doubt that this is a serious data breach and the government, of all organisations, should be better acquainted with the law on disclosing sensitive personal information.
But while some of the celebrities and the police officers awarded honours may be concerned about their privacy and security, it would have been far more serious if the home addresses of those on the list of gallantry awards had been leaked.
The Information Commissioner’s Office has so far only levied one fine under the new Data Protection Act which came into effect in 2018 – a London pharmacy was fined £275,000 for careless storage of the very sensitive medical data of half a million people.
Lawyers who specialise in data protection think the ICO will see this as a less serious case of human error and may let the Cabinet Office escape with a warning about improving its practices.
But they say much now depends on the attitude of those who have seen their data leaked – they could decide to bring civil claims against the government for putting in the public domain information many of them have been determined to keep private.
Data rights lawyer Ravi Naik said the government could face legal action from those whose addresses were published, as well as from the ICO.
He also warned that anyone who came across the information should tell the ICO and not pass it onto others – because they themselves might face legal action.
Simon Winch, a sustainability professional from London, was among those who were able to access the sensitive information.
He told the BBC: “I clicked on the link on the gov.uk website at around 11pm on Friday and the spreadsheet opened up.
“At first I thought everyone on the list had given their permission to publish their personal addresses. But then I saw that some quite sensitive names were on there.”
Another source told the BBC they accessed the file just after midnight on Saturday but were unable to do so by 05:00 GMT.
The Cabinet Office said the document was visible for around an hour.
Most of the entries in the spreadsheet include full addresses – including house numbers and postcodes.
A separate list, that does not appear to be involved in the breach, covers gallantry awards for police, ambulance and fire staff and military personnel.