An Post notifies the Data Protection Commission of customer data breach

An Post has notified the Data Protection Commission (DPC) of a breach affecting 250 customers.  

An email sent to customers about the move of the AddressPal service from one post office in Cork to another accidentally had all 250 recipients’ email addresses in the ‘To’ field rather than 249 of them being in the Bcc (blind carbon copy) field. This meant every customer who received the email could see the email addresses of the other 249 recipients. 

Within hours of the error, An Post emailed the customers affected to apologise “unreservedly for this error. This is a data breach and is being reported to the Data Protection Commission. Action has been taken to prevent reoccurrence.


Reduce the risk of a data breach in your organisation

Erroneously sending an email using either To or Cc (carbon copy), rather than Bcc, is one of the most common types of data breach. Such a simple mistake could cost your organisation thousands in fines, but can be avoided if staff are sufficiently trained. 

Misuse of Cc and Bcc when emailing Our Misuse of Cc and Bcc when emailing – Human patch e-learning course explains the difference between Cc and Bcc, and highlights the importance of using the correct option. It also covers how to send personal information via email in accordance with the GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018, and the consequences of data breaches. 

will you survive a data breach?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.