The data covered every Welsh resident who tested positive for the coronavirus between February 27 and August 30.
After being alerted to the breach, which Public Health Wales said was the result of ‘individual human error’, the data was deleted on the morning of August 31.
In the 20 hours of it being uploaded, it has been viewed 56 times.
In 16,179 of the cases, the information released included people’s initials, date of birth, geographic location and gender, PHW admitted.
However, for 1,926 people living in nursing homes or other closed settings such as supportive housing, or residents who shared the same postal codes as these settings, the information also included the name of the setting. .
A spokesperson for Public Health Wales said: ‘There is no evidence at this point that the data has been misused.
“However, we recognize the concern and anxiety this will cause and we deeply regret that on this occasion we have failed to protect the confidential information of Welsh residents.”
The Information Commissioner’s Office and the Welsh Government have been notified and an external investigation into the breach has been ordered.