The Foreign and Commonwealth Office has been found to have breached the Data Protection Act following an investigation.
The Information Commissioner's Office (ICO) investigated the Foreign and Commonwealth Office (FCO) after Channel 4 News alerted it to the fact that personal details belonging to visa applicants were accessible by anyone visiting certain websites.
The ICO was alerted to a security breach on the website of UKvisas, the joint Home Office and FCO directorate responsible for visa processing, and immediately launched an investigation into the site. The problem emerged back in May on the visa application websites run by UKvisas' commercial partner, VFS.
As soon as the breach was exposed, UKvisas closed down all of the VFS-run websites in India, Nigeria and Russia in order to rectify the problem.
The FCO has signed a formal undertaking to comply with the Data Protection Act, with failure to do so resulting in further ICO action.
Mick Gorrill, assistant commissioner at the ICO, said organisations have a duty to keep personal information secure and failure to do so will lead to people losing confidence and trust in them.
Mark Sedwill, director of UKvisas, said the organisation regrets that mistakes were made but no evidence has been found that the details were exploited and no visas were wrongly issued as a result.