Security News > 2021 > May > East London council blurts thousands of residents' email addresses in To field blunder
The cockup, which happened on Monday, had locals in the borough of Tower Hamlets receive emails with hundreds of addresses visible.
Register reader Patrick, who was the unlucky recipient of one such message, told us: "The email I received had 400 recipients in the To: field, I assume because Outlook has a limit of 500... Just assuming that I received all the Bs and Cs - then that's ~5,000 email addresses they leaked."
The hapless council followed up with a email apologising to residents, which stated: "I would like to sincerely apologise on behalf of the Council for the administrative error made in sending this email identifying recipients' individual email addresses. I would like to reassure you that this matter has been reported internally and measures have been taken to avoid such an occurrence in the future."
Email privacy blunders are as old as the technology itself.
With that said, only a statue could have failed to laugh at a similar blunder from 2019, when a car parts business emailed a bunch of dealers asking them for permission to use their data.
BT Security managed to email 150 infosec bods who handed over their email addresses at a jobs fair, neatly revealing who each of the potential jobhunters was up against.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/05/05/tower_hamlets_email_fail/