The Register
A local authority in East London has committed a classic privacy blunder by emailing what appear to be thousands of residents – while forgetting to use the BCC field and exposing all of the email addresseses to each recipient.
The cockup, which happened on Monday, had locals in the borough of Tower Hamlets receive emails with hundreds of addresses visible.
Register reader Patrick, who was the unlucky recipient of one such message, told us: “The email I received had 400 recipients in the To: field, I assume because Outlook has a limit of 500… Just assuming that I received all the Bs and Cs (and I probably only received a chunk) – then that’s ~5,000 email addresses they leaked.”
The hapless council followed up with a (correctly BCC’d) email apologising to residents, which stated: “I would like to sincerely apologise on behalf of the Council for the administrative error made in sending this email identifying recipients’ individual email addresses. I would like to reassure you that this matter has been reported internally and measures have been taken to avoid such an occurrence in the future.”
We have asked the council if it wishes to comment and will update this article if it responds.
“Was a Mailchimp subscription too hard?!” asked Patrick, rhetorically.
Email privacy blunders are as old as the technology itself. In this day and age of heightened data protection and phishing awareness, such things are taken a bit more seriously than they used to be.