An email sent to customers about the move of the AddressPal service from one post office in Cork to another accidentally had all 250 recipients’ email addresses in the ‘To’ field rather than 249 of them being in the ‘Bcc’ (blind carbon copy) field. This meant every customer who received the email could see the email addresses of the other 249 recipients.
Within hours of the error, An Post emailed the customers affected to apologise “unreservedly for this error. This is a data breach and is being reported to the Data Protection Commission. Action has been taken to prevent reoccurrence.”
Reduce the risk of a data breach in your organisation
Erroneously sending an email using either To or Cc (carbon copy), rather than Bcc, is one of the most common types of data breach. Such a simple mistake could cost your organisation thousands in fines, but can be avoided if staff are sufficiently trained.
Our Misuse of Cc and Bcc when emailing – Human patch e-learning course explains the difference between Cc and Bcc, and highlights the importance of using the correct option. It also covers how to send personal information via email in accordance with the GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018, and the consequences of data breaches.