‘Reply all’: DFAT exposes Australian’s personal details in email stuff up

Australia's Foreign Affairs Department inadvertently leaked intimate details about an Australian citizen's family member to hundreds of people stranded overseas, in another privacy breach caused by hitting the wrong email button.

The Sun-Herald and The Sunday Age can reveal last month’s privacy breach involving more than 2700 Australians stranded overseas was not the first time the Department of Foreign Affairs and Trade has mistakenly disclosed the personal details of its citizens during the coronavirus.

Tens of thousands of Australians are still stranded overseas.Credit:

While last month's mishap was caused by putting recipients' email addresses in the "Cc" section, instead of "Bcc", this mistake is believed to have involved clicking "reply all", instead of just "reply".

On July 29, Australia's Bogota embassy in Colombia forwarded a sensitive and private email from a concerned citizen to more than 300 Australians stuck in South America.

The email went into detail about a family member's visa conditions and the distress surrounding their circumstances. It contained the name, profession, phone number and private email of the Australian citizen.

The embassy then accidentally sent the email to every Australian who had registered on its "return to Australia" mailing list.

It sent a follow-up email to the recipients attempting to "recall" the message – but the email stayed in their inbox. Another email was sent days later asking them to delete the email.

DFAT did not contact the Australian citizen whose details were exposed until two weeks later on August 12, telling the person that their details had been sent to at least 300 Australians stuck overseas.

One of the recipients, who wished not to be named, said he was concerned by the privacy breach.

"The embassy made a futile attempt to recall the email shortly afterwards, however the email never left my inbox," the Australian said.

"This follows a pattern of fairly unprofessional behaviour from the embassy since this crisis began, with confusing and sometimes contradictory information sent out where they have had to issue corrections after sending out faulty information."

On September 30, the personal email addresses of 2727 people stuck overseas were accidentally revealed to one another.

In that instance, DFAT contacted Australians offering them interest-free loans if they had been financially hurt by delays caused by the cap on citizens returning to Australia.

The addressees were mistakenly listed in the "to" field, rather than "bcc", making the email addresses of Australians who had registered as wanting to return home visible to other recipients.

DFAT tried unsuccessfully to recall the email in that instance as well.

Opposition foreign affairs spokeswoman Penny Wong said the Morrison government needed to sort out DFAT and not let "these egregious and potentially dangerous privacy breaches keep happening".

“We’re seeing privacy breach after privacy breach and empty announcement after empty announcement – but do you know what we’re not seeing? A plan from the Morrison government to help stranded Australian families get home," Senator Wong said.

DFAT was contacted for comment

Trump Biden 2020

Our weekly newsletter will deliver expert analysis of the race to the White House from our US correspondent Matthew Knott. Sign up for The Sydney Morning Herald‘s newsletter here, The Age‘s here, Brisbane Times‘ here and WAtoday‘s here. 

Most Viewed in Politics

Source: Read Full Article