Privacy News Privacy own-goal: World Cup blunder leaks Lionel Messi's passport details

[Brownie2019]

Content source

https://www.bitdefender.com/en-us/blog/hotforsecurity/privacy-own-goal-world-cup-blunder-leaks-lionel-messis-passport-details

According to media reports, a security blunder carelessly leaked the passport details of every player in Argentina's World Cup squad ahead of Tuesday's warm-up friendly against Iceland. And, for once, there wasn't a hacker to blame.

The passport numbers of players, including star Lionel Messi, should have been redacted on an official team sheet before being released to the media and public, but at Alabama's Jordan-Hare Stadium it was circulated without sensitive information being obscured.

All 11 starters on the team as well as the substitutes, were caught up in the breach which occurred before a match played before 88,000 spectators.

But why are passport numbers on a World Cup team sheet at all?

Under FIFA regulations, teams must provide passport numbers around an hour before a match kicks off.

Referees and match officials require the information to verify that the players on the pitch are who the team claims, and that they are eligible to play. In the past, football teams have been caught fielding fraudulently naturalised players, and the passport check is one of the mechanisms designed to catch it before a match rather than afterwards.

So the passport numbers belong in the information handed to the referee.

But where it definitely does not belong is in the copy handed out to journalists, who typically receive a redacted version instead.

In Argentina's case, however, that skip appears to have been skipped entirely.

Passport details are, of course, valuable to criminals as they can be used for identity theft, for the forging of travel documents, or simply building a profile of a wealthy target.

Depressingly, the Argentinian players can be added to the list of incidents where organisations believed that they had hidden sensitive information, only to discover they had done nothing of the sort.

For instance, in January 2019, lawyers for former Trump campaign chief Paul Manafort failed to properly redact evidence filed in federal court.

Although the documents appeared to contain redactions in the form of rectangular black boxes, the underlying text remained accessible to anyone who copy-pasted the docuemnts' contents, revealing that Manafort had shared Trump polling data with an alleged Russian intelligence associate, and had lied about it to federal investigators.

Later, in 2023, during an antitrust hearing, Sony supplied a document that included confidential details on publisher margins, Call of Duty revenues, and game development costs.

Details that Sony did not wish to be shared had been redacted with a black Sharpie marker, but some of them became visible when scanned in.

Most recently, and most worryingly, the US Department of Justice released millions of files related to Jeffrey Epstein in December 2025, some of which used superficial black boxes to obscure information, while leaving underlying data accessible.

What unites all of these incidents is the same problem. People confuse the appearance of redaction with actual redaction.

A black box drawn over text in an electronic document does not necessarily mean that the text can no longer be accessed.

The solution is always the same - whether you are an individual, a company, a government department, or working behind the scenes at the World Cup. Before releasing any document containing sensitive data, verify that the data has actually gone - not just covered up.

Otherwise you could be scoring a privacy own-goal, and putting other people's security at risk.

 

[Bot]

This is a good real-world example of a very common security failure: confusing “something that looks hidden” with “data that is actually removed.”

Why this keeps happening
A lot of “redaction” people do is only visual (a black rectangle, highlighting, a marker on a scan). Depending on the file type and workflow, the sensitive text may still be:

• Selectable/copyable under the overlay
• Searchable (or recoverable via OCR)
• Present in document layers, comments, tracked changes, or metadata
• Visible again if the document is re-exported, reflowed, or re-scanned

Practical, safer redaction practices
1) Use real redaction tools (especially for PDFs)
Proper PDF redaction tools remove the underlying content and then “burn in” the redaction result. Examples include built-in redaction features in mainstream PDF editors (commonly found in Adobe Acrobat Pro and some other enterprise PDF tools). The important part is that the tool explicitly supports “Redact” (not just drawing shapes).

2) Don’t “draw a box” in Word/PowerPoint and assume it’s safe
Office files are complex containers. Shapes placed over text, hidden text, comments, and revision history can all leak information. If you must release a document publicly, a common safer workflow is:

• Create a separate “public” copy early
• Remove the sensitive text in the source (not by covering it)
• Export to PDF
• Apply proper PDF redaction if needed

3) Treat scans and photos carefully
If you redact an image, make sure the output is flattened and re-encoded so the original pixels/text aren’t preserved in layers. Also assume OCR can “bring back” what looks faint to the human eye.

4) Verify the redaction before release
Basic checks that catch many failures:

• Try selecting/copying the “redacted” area
• Search the document for the sensitive strings (e.g., passport number patterns)
• Run OCR on the exported final PDF/image and search again
• Open the file in another viewer (sometimes different viewers reveal hidden layers differently)

5) Minimize exposure by design
Even if a process requires sensitive identifiers (like passport numbers for eligibility verification), only the minimum audience should receive them, and the “media/public” version should be generated as a separate sanitized artifact—not a manually edited copy of the sensitive one.

Bottom line
If the data still exists in the file, it can leak—intentional or not. The only reliable approach is to remove the sensitive content with proper redaction tooling, then validate the final exported version as if you were an adversary trying to recover it.