The passport numbers and Visa details of 31 world leaders were accidentally emailed to the organisers of the Asian Cup in Australia before the G20 summit in Brisbane in November 2014.
A worker at the Australian Department of Immigration sent the list by mistake.
The department decided there was no need to alert the G20 attendees.
“Given that the risks of the breach are considered very low and the actions that have been taken to limit the further distribution of the email, I do not consider it necessary to notify the clients of the breach,” an unnamed Depart of Immigration director wrote to the Australian Privacy Commissioner in an email obtained by the Guardian following a Freedom of Information request.
Both the sender of the email and the recipient had deleted it within 10 minutes of it being sent, the officer explained, and the Asian Cup football tournament organisers said they did not believe the email was accessible or stored on their servers.
The message included the 31 world leaders’ dates of birth but not personal addresses and other contact details.
The breach was said to be the result of “human error”, with the sender forgetting to check the auto-fill function in Microsoft Outlook’s email service before hitting send.
“There was nothing systemic or institutional about the breach,” continued the email from the government official.
“It should also be noted that the personal details of these individuals, including their names, positions and dates of birth are generally already available in the public domain given their prominent positions.”