“Human error” caused personal details of world leaders attending Brisbane’s G20 Summit to be revealed by the Australian Immigration Department, which did not consider it necessary to inform those world leaders of the privacy breach.

The Guardian reports an employee of the agency inadvertently emailed the passport numbers, visa details and other personal identifiers of all world leaders attending the summit to the organisers of the Asian Cup football tournament.

The US President Barack Obama, Russian President Vladimir Putin, German Chancellor Angela Merkel, Chinese President Xi Jinping, the Indian Prime Minister Narendra Modi, Japanese PM Shinzo Abe, Indonesian President Joko Widodo, and British Prime Minister David Cameron were among those who attended the Brisbane summit in November and whose details were exposed, they said.

• Vladimir Putin praises Australia and Tony Abbott for G20
• Leaders to cement trade pact
• G20 Summit: the talk is done, now it’s time for action 

The Australian Privacy Commissioner was contacted by the director of the visa services division of Australia’s Department of Immigration and Border Protection to inform them of the data breach on November 7, 2014 and seek urgent advice.

In an email sent to the commissioner’s office, obtained by The Guardian under Australia’s freedom of information laws, the breach is attributed to an employee who mistakenly emailed a member of the local organising committee of the Asian Cup held in Australia in January with the personal information.

“The personal information which has been breached is the name, date of birth, title, position nationality, passport number, visa grant number and visa subclass held relating to 31 international leaders (i.e prime ministers, presidents and their equivalents) attending the G20 leaders summit,” the officer wrote.

“The cause of the breach was human error. (Redacted) failed to check that the autofill function in Microsoft Outlook had entered the correct person’s details into the email ‘To’ field. This led to the email being sent to the wrong person.

“The matter was brought to my attention directly by (redacted) immediately after receiving an email from (the recipient) informing them that they had sent the email to the wrong person.

“The risk remains only to the extent of human error, but there was nothing systemic or institutional about the breach.”

The officer wrote that it was “unlikely that the information is in the public domain” and said the absence of other personal identifiers “limits significantly” the risk of the breach.

It continued that the unauthorised recipient had deleted the email and “emptied their deleted items folder”.

“The Asian Cup local organising committee do not believe the email to be accessible, recoverable or stored anywhere else in their systems,” the letter said.

The immigration officer then recommended that the world leaders not be made aware of the breach of their personal information.

“Given that the risks of the breach are considered very low and the actions that have been taken to limit the further distribution of the email, I do not consider it necessary to notify the clients of the breach,” she wrote.

The recommendation not to disclose the breach to the world leaders may be at odds with privacy law in some of their countries, The Guardian reports.

It is not clear whether the Immigration Department subsequently notified the world leaders of the breach after the initial assessment.

The office of the Australian Immigration Minister, Peter Dutton, did not respond to questions.