Another week, another example of an email using the Cc (carbon copy) field instead of the Bcc (blind carbon copy) field. This time, it was West Ham United Football Club.
The email was sent to a group of supporters regarding ticket allocations for an away football match.
Upon discovering the error, an attempt was made to recall the mass email – but the follow-up email apologising for the error resulted in the email addresses being shared again.
This email read:
“You may have received an email that included a segment of email addresses of those who were also successful in the ballot […] The Club apologises that this information was inadvertently included and has reported this matter to the Information Commissioner’s Office (ICO).
“The email was recalled where possible and we ask that if you did receive this email to please disregard it immediately. Beyond your email address, no other information has been shared.”
The ICO is aware of the incident and is “making enquiries”.
While this incident was undoubtedly caused by human error, it is a reminder that an organisation’s employees can pose a significant threat to data security. In this instance, no personal information other than email addresses was leaked, but it shows how easy it is to make a mistake that could just as easily compromise other, more sensitive personal information.
What can you do?
To combat and prevent these mistakes and other careless actions, consider educating your employees on the risks and potential consequences of misusing the Cc and Bcc fields. It sounds straightforward, but data breaches caused by human error are a common occurrence.
The Misuse of Cc and Bcc when emailing – Human patch e-learning course has been designed to help employees who handle and communicate sensitive data do so securely and legally. By educating your staff, you can reduce the risk of your organisation suffering an avoidable data breach.