Names of 76 asylum seekers involved in legal actions published on Courts Service website due to filing error
For some asylum cases, only case numbers and initials are normally published — with no names of applicants or lawyers mentioned. However, a report on the data breach said this had not happened, meaning reference numbers, party names, and some cases, details were online. Picture: Larry CumminsÂ
The names of 76 asylum seekers involved in legal actions were published on the Courts Service website over a period of at least seven years due to a filing error that went undetected until last autumn.
A data breach incident form warned those affected could encounter “significant consequences, which they should be able to overcome, albeit with real and serious difficulties".
It said the full impact on them was not yet known, but the breach had spanned “various” periods between 2017 and its discovery last September.
Internal emails said the cases had been filed using the wrong category on the website, leaving them publicly viewable for an extended time.
For some asylum cases, only case numbers and initials are normally published — with no names of applicants or lawyers mentioned.
However, a report on the data breach said this had not happened, meaning reference numbers, party names, and some cases, details were online.
It said the issue was reported by a staff member only after a query from a local newspaper.
The form said the information had been removed and the data protection unit notified.
The document explained: “IT was contacted and given a schedule of affected cases requesting them to mark the matters in-camera and also to push an update through to website to remove the details from the public domain.”Â
It said an email had also been circulated to staff reminding them of procedures and keywords to look out for when categorising cases.
The Courts Service also organised refresher training and introduced “preventative measures” to ensure there could not be a repeat.
A report said: “Breach was notified to senior management and the Court President on 22nd September [2025], and DPU [data protection unit] was contacted late due to an internal oversight.”Â
In internal emails, the DPU said it only learned of the breach in late October, more than a month after its discovery.
A message said: “I would believe that at the time, correcting the matter was the priority of your office and understandably this is potentially why the DPU was not notified at the time.
“However, as it appears that this was a breach of personal data, we are obliged to record and investigate the matter.”Â
Asked about it, a spokesman for the Courts Service said: “Recently, an error was made in the filing of a small number of asylum cases, which resulted in names appearing on our database, but not on the legal diary.
“We have updated our processes so that the names of applicants for appeals of international protection decisions on High Court search and in published court lists are anonymised."
CONNECT WITH US TODAY
Be the first to know the latest news and updates
