The Saudi Arabia email leak took place in 2015 but personal medical data is still available to access in the files on WikiLeaks' site

More than a year since WikiLeaks' Saudi Arabia email leak was exposed, it is still possible to access private medical records from 'innocent' individuals on the WikiLeaks site.

The organisation aims to bring important news and information exposing corrupt governmental practices to the public, such as in the Saudi Arabia data dump which took place in June 2015. However, in its quest to reveal governmental secrets, WikiLeaks also published private medical files and credit card data belonging to individuals not linked to the government.


The same practice also occurred in the US Democratic National Committee email leaks in July this year, with private information readily available on the site.

The records include sensitive medical, financial and identity reports that are available to anyone via WikiLeaks' website, as reported by Associated Press. AP points out that in severe cases, teenage rape victims have had their details published, cancer diagnoses are publicised, as well as the name of a Saudi citizen arrested for being gay. This is particularly pressing as homosexuality is punishable by death in Saudi Arabia.

Read next London’s rental market is being flooded by bargain Airbnb listings London’s rental market is being flooded by bargain Airbnb listings

WikiLeaks maintains it is a journalistic organisation, yet it is against the law in the UK for media organisations to publish the identification of rape victims, under the Sexual Offences Act 1992.

An example of a private medical record that is accessible through WikiLeaks


Since 2008, WikiLeaks has exposed secret governmental documents detailing appalling prison conditions in Fallujah, Iraq, revealed European farm reforms, and the illegal spying on German journalists by intelligence agencies. The website for the organisation states it has been developing and improving a “harm minimisation procedure” in its work.

Furthermore, it adds: "We do not censor our news but from time to time we may remove or significantly delay the publication of some identifying details from original documents to protect life and limb of innocent people."

However, the data that outlines medical records as exposed by AP are still available on WikiLeaks’ site at the time of writing.

Read next What is GDPR? The summary guide to GDPR compliance in the UK What is GDPR? The summary guide to GDPR compliance in the UK

AP contacted individuals in Saudi Arabia whose information had been exposed, reporting that some were unaware of the data leak whilst others were horrified about their private data being available on the site.


WikiLeaks says it will protect ordinary citizens from being affected by its email leaks, as outlined in its harm minimisation protocol

A Saudi man found that his phone, address and name were all published on WikiLeaks in a document revealing the details of a paternity dispute with a former partner. "If the family of my wife saw this...publishing personal stuff like that could destroy people," he told AP.

In the more recent Democratic National Committee email leak, more than 24 social security and credit card numbers were exposed and two people told AP they had been targeted by identity thieves following the leak.

When WikiLeaks first began exposing the secrets of governments, it worked with other journalists to scrutinise the information revealed to the site in order to flag sensitive material. However, editor-in-chief Julian Assange was reportedly frustrated with the process as it was time-consuming and expensive.

Read next Who will really benefit from the EU's big data plan? Who will really benefit from the EU's big data plan?

AP further reported that in a speech to London's Frontline Club in 2010, Assange said: "We can't sit on material like this for three years with one person to go through the whole lot, line-by-line, to redact. We have to take the best road we can."

As a result of this, past supporters of WikiLeaks have been critical about this approach, such as Edward Snowden. The National Security Agency leaker, whose asylum in Russia WikiLeaks helped broker, suggested recently the organisation should 'take more care to curate its work.'

In addition, not only are there privacy issues with the data dumps, but according to Vesselin Bontchev, a researcher at the Bulgarian Academy of Sciences’ National Laboratory of Computer Virology, there are hundreds of pieces of malicious software in the exposed reports that could put the site's readers at risk.

<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">Ridiculous story by AP' today re-run from 2015: <a href="https://t.co/X26slDSFBV">https://t.co/X26slDSFBV</a> Saudi gov already has the data, obviously: <a href="https://t.co/2CGF7X4gPl">https://t.co/2CGF7X4gPl</a></p>— WikiLeaks (@wikileaks) <a href="https://twitter.com/wikileaks/status/768041458624528385">August 23, 2016</a></blockquote>

<script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>


AP told WIRED it worked on the original story in 2015, analysing the information released from the Saudi Arabia files. When going through the documents, it noticed that a lot of the data included was fairly trivial compared to the big revelations of corrupt governmental practices, and also some medical records were included. At this stage though, the reporting for the story was coming to an end so the inclusion of medical records in the files was mentioned in the 2015 piece, but not in great detail.

After subsequent data dumps and the pieces that followed, particularly about the Turkey files, detailing how published was about private individuals, AP's Raphael Satter went back to the Saudi Arabian files, as well as combing through the Turkey and DNC documents to see that private information was also included throughout. This was how the team uncovered the medical and identity records that are still available on WikiLeaks and prompted the latest update.

At the time of writing, WikiLeaks had not responded to a request for comment by WIRED. It's official Twitter handle did brand the AP story "ridiculous" and accused the site of simply re-running old news.