The government accidentally published the home addresses of more than 1,000 New Year Honours recipients.
The list included celebrities such as Elton John as well as some of the country’s most senior police officers and politicians.
The list was briefly posted to a government website, allowing anyone who visited the page to download it as a spreadsheet.
The file contained postcodes and house numbers of nearly every person recognised in the list. It included celebrities such as TV chef Nadiya Hussain and cricketer Ben Stokes, senior politicians including Iain Duncan Smith, as well as senior police officers.
The Cabinet Office said it had referred itself to the Information Commissioner’s Office and would be contacting anyone involved.
“A version of the New Year Honours 2020 list was published in error which contained recipients’ addresses,” a Cabinet Office spokesperson said.
“The information was removed as soon as possible. We apologise to all those affected and are looking into how this happened.
“We have reported the matter to the ICO and are contacting all those affected directly.”
The ICO confirmed it is “making enquiries” in response to the reports of a data breach.
Nearly 1,100 people were celebrated in the New Year Honours list, which included almost all of their addresses, although some – the six people recognised for their service to defence – were redacted.
Silkie Carlo, director of privacy campaign group Big Brother Watch, said: “It’s extremely worrying to see that the government doesn’t have a basic grip on data protection, and that people receiving some of the highest honours have been put at risk because of this.
“It’s a farcical and inexcusable mistake, especially given the new Data Protection Act passed by the government last year – it clearly can’t stick by its rules.”
In July the ICO announced its intention to fine British Airways £183m for a data breach, which will become the largest penalty ever issued by the regulator once the process is completed.
The ICO later handed out an intention to fine the hotel chain Marriott International £99m after it admitted the guest records of around 339 million people had been accessed.
Additional reporting by the Press Association