The Cabinet Office has been fined £500,000 mistakenly sharing the addresses of 2020 New Year Honours list recipients including Sir Elton John and cricketer Ben Stokes.
The Information Commissioner's Office (ICO) blasted the "complacency" of the department, which it said had jeopardised the safety of hundreds of people, exposing them to the risk of identity fraud.
TV cook Nadiya Hussain, former Tory leader Sir Iain Duncan Smith and sports presenter Gabby Logan were among more than 1,000 people affected by the 2019 breach.
The information watchdog said the Cabinet Office had failed to put in place "appropriate technical and organisational measures" to prevent the unauthorised disclosure of personal information, in breach of data protection law.
It said a new IT system acquired by the Honours and Appointments Secretariat for processing nominations had been set up incorrectly, which resulted in it generating a file with the addresses of the recipients which was then published on the gov.uk website.
The ICO said the personal data, which appeared on December 27 2019, was available online for a period of two hours and 21 minutes, during which time it was accessed 3,872 times.
It subsequently received complaints from three of the individuals affected who raised personal safety concerns, while 27 contacted the Cabinet Office with similar issues.
ICO director of investigations Steve Eckersley said: "When data breaches happen, they have real life consequences. In this case, more than 1,000 people were affected.
"At a time when they should have been celebrating and enjoying the announcement of their honour, they were faced with the distress of their personal details being exposed.
"The Cabinet Office's complacency and failure to mitigate the risk of a data breach meant that hundreds of people were potentially exposed to the risk of identity fraud and threats to their personal safety.
"The fine issued today sends a message to other organisations that looking after people's information safely, as well as regularly checking that appropriate measures are in place, must be at the top of their agenda."
A Cabinet Office spokesperson said: “The Cabinet Office would like to reiterate our apology for this incident.
"We took action to mitigate any potential harm by immediately informing the Information Commissioner and everyone affected by the breach.
"We take the findings of the Information Commissioner very seriously, and have completed an internal review as well as implemented a number of measures to ensure this does not happen again.
"This includes a review of the overall security of the system, information management training and improving internal processes for how data is handled by the honours team.”
