British security services snooped on 20 high-profile individuals in operations that were either unjustified, or may have been unjustified, according to previously withheld information.

The disclosures came during an investigatory powers tribunal hearing brought by Privacy International against bulk data collection by the intelligence agencies.

Information released on Wednesday by government lawyers on behalf of GCHQ and MI5 shows that between 2009 and 2013 there were three searches into high-profile individuals by three intelligence officers that were “not operationally justifiable”.

In the same period there were another 17 searches, by five officers, “which may not have been operationally justifiable”. The lawyers for the security services said there were no records of conversations with those officers, making it “not possible to ascertain whether they were in fact operationally justifiable”.

The unidentified individuals were not notified of the surveillance. The officers were warned that if they were caught misusing the database again they could face disciplinary action.

The government’s lawyers initially refused to release the figures citing the risk of damage to national security.

But the disclosure came on the second day of the four-day hearing, in amended documents, after repeated requests by Privacy International.

Intelligence officers are banned from using the services’ database to “search for and/or access information other than that which is necessary and proportionate for your current work”.

A code of practice adds: “This includes [but is not limited to] searching for information about yourself, other members of staff, neighbours, friends, acquaintances, family members and public figures, unless it is necessary to do so as part of your official duties. You should be prepared to justify any searches you do make.” At the time, the code did not require officers to record reasons for searches.

Millie Graham Wood, a legal officer for Privacy International, said the security services should be more transparent about their mistakes.

She said: “Obtaining the factual background to the use and misuse of bulk communications data has resembled a drip experiment. It was only after several rounds of requests for further information by Privacy International that it was revealed that amongst the instances of misuse of communications data, there were a number of unjustified searches for high-profile individuals.”

She also said the security services should have informed the celebrities concerned, adding: “It should be of serious concern to everyone that there is no procedure to notify victims of any use, still less misuse, of bulk communications data, so that they can seek an appropriate remedy before the tribunal. Without such a mechanism, and in the absence of independent or judicial authorisation, a victim of abuse has no prospect of ever securing a remedy.”

On Tuesday, other documents released to the tribunal revealed that MI5 has been repeatedly resisting independent oversight of its decision to collect communications data from tens of thousands of individuals.

The hearing continues.