The Government Legal Department has launched an investigation after the names of civil servants claiming expenses was published online.
Documents showing officials' names were publilshed on GOV.UK accidentally and stayed up for a week.
The dossier showed credit-card spend at the department of more than £500 between November 2021 and May 2022, which must be published by law for transparency reasons.
The figures included £1,120 spent on a pottery class as part of a team-building day, which 35 officials took part in – a cost of £32 per head.
It also included the names of civil servants, which should not be revealed under data-protection regulations.
The department said it is “investigating this regrettable incident under data-protection rules and reviewing the process which resulted in the names of some staff members being released accidentally on a public website”.
A spokesman for GLD, which gives legal advice on policy, said the department would not be "commenting publicly further at this time”.
Shadow attorney general Emily Thornberry on Sunday criticised the data leak and took aim at the department's use of funds.
She told the Sun: “I don’t know what’s worse, the attorney-general breaching her own data protection rules by mistake or her civil servants spending their working days painting pottery.
“Either way, it’s yet more evidence of a zombie government, lurching aimlessly from one calamity to the next.”
A government source told the newspaper the ceramics painting was took up only part of one training day..
In criticising the away day, Thornberry mimicked recent attacks from attorney general Suella Braverman and government efficiency minister Jacob Rees-Mogg on learning and development courses currently offered to civil servants.
Braverman said earlier this month that she has ordered GLD officials to scrap diversity training after finding staff had spent nearly 2,000 hours on courses last year – around 40 minutes per staff member.
The same week, Jacob Rees-Mogg said officials need "focused learning, not woke folderol" such as courses on privilege.
Thronberry pointed to Braverman's previous comments in a tweet today responding to GLD's announcement it would launch a data breach investigation.
“It seems very odd that Suella Braverman was so furious about her staff doing diversity training but thinks painting pottery instead is just fine," she said.
The GLD error is one of several high-profile data breaches in the last year.
In February, the Department for Levelling Up exposed civil servants' personal data by not properly redacting personal details from a contract document, CSW's sister title PublicTechnology revealed.
In September 2021, the Ministry of Defence launched an investigation into how the identities of 250 Afghanistan-based interpreters who worked with UK forces were compromised in a group email. This followed a national security incident where a civil servant left MoD documents in a “soggy heap” near a bus stop in Kent.