T-Mobile slip exposes 1,100 punters' email addresses
Telco sweats it in the Hothouse
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Subscribers to T-Mobile's Hothouse - a focus group-like mailing list - got an added benefit this morning: the email addresses of everyone else on the list. The gaffe was swiftly followed by an apology and a request to delete the offending information.
The mistake was a failure to use our old friend Blind Carbon Copy (BCC) by Ipsos MORI, which runs the scheme to gather opinions and product ideas from punters. Instead the market research outfit accidentally pasted 1,100 addresses into the "To" field. So the messages were delivered along with the email addresses of all the other subscribers.
The leak was quickly followed by several "recall" attempts (four, at last count) and then a grovelling apology and request that users delete the message manually.
Not that Ipsos is the first to make such a mistake; Orange shared email addresses while polling customers about ways it could improve communications back in 2010, barely a year after Vodafone broadcast its email list of people it had accidentally over-billed. Even this esteemed organ isn't immune from hitting the wrong button on occasion, following which the only correct course of action is an abject apology.
"Please accept Ipsos MORI’s sincere apologies for this unfortunate occurrence," says the email sent to us by several readers. "We are currently conducting an internal investigation and we will taking corrective and preventative measures to ensure our data protection guidelines are adhered to", hopefully nothing more than a slap on the wrist and a lesson in email use.
Now we just have to wait for Three and O2 to make the same mistake and we'll have a royal flush. ®
COMMENTS
Re: bcc?
I've never seen that on a working mail server or client, but I'd be throwing it in the junk pile if it ever did such a thing.
I suppose there's nothing to a stop a mailer leaking that info but, come on, use some decent software. BCC has the B for one, sole, primary reason - so that NOBODY KNOWS who else you sent it to but the mailserver. Any piece of software that pushes the BCC data into the email or headers should have been consigned to the scrapheap years ago.
Fix in software?
I'm surprised that most mailservers don't have a setting so that if you're sending to more than e.g. 20 people in the To/CC line, it sends you back something saying "Are you sure? Click here to continue". Certainly would save a lot of red faces...
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
