World leaders, including Barack Obama and Vladimir Putin, had their personal details accidentally shared before last year's G20 summit in Brisbane.
But Australia's Department of Immigration and Border Protection (DIBP) determined that it was not necessary to notify the presidents, prime ministers, and other representatives of the privacy breach.
Passport numbers, visa details, and the dates of birth of leaders attending the Brisbane summit last November were accidentally sent by a department employee to a member of the Asian Cup Local Organising Committee.
An email from the DIBP to the privacy commissioner, obtained under Freedom of Information by The Guardian, reveals that the breach was reported less than 10 minutes after the email was sent.
The receiver of the email informed the department that he had deleted it, and that there was no other copy.
"The Asian Cup Local Organising Committee do not believe the email to be accessible, recoverable, or stored anywhere else in their system," the email stated.
The director of the DIBP's visa services division sought urgent advice, but stated that because the risks of the breach were considered to be very low, he did not believe it was necessary to notify the leaders.
"Given the steps taken to contain the breach outlined above, it is unlikely that the information is in the public domain," the email said.
The absence of other personal data, like addresses or contact details, limited the potential risk of the breach, it said.
The email labels it an "isolated example of human error".
It is not clear whether the leaders were eventually notified of the breach.
The offices of Immigration Minister Peter Dutton and Scott Morrison, who was responsible for the portfolio at the time, have been contacted for comment.
This incident is far from the first time that the DIBP has found itself in hot water for sharing personal details. In February last year, DIBP published the details of approximately 9,250 asylum seekers.
A report from the Office of the Australian Information Commissioner (OAIC) found DIBP to be in violation of the Privacy Act.
The source of the privacy breach was determined to be the copying and pasting of a chart from Microsoft Excel into Microsoft Word by a DIBP staff member, which resulted in the underlying data to render the chart being embedded in the Word document.
The OAIC found this action to be contrary to departmental policy to export charts as images, but that the policy did not explain why this direction existed, or what risks would be negated in following it.
By November 2014, the OAIC said it had received more than 1,600 privacy complaints as a result of the breach, and expected complaints would continue to be received.