Security News > 2021 > October > NHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to 'Let's talk cyber' event

NHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to 'Let's talk cyber' event
2021-10-20 11:28

NHS Digital has scored a classic Mail All own-goal by dispatching not one, not two, not three, but four emails concerning an infosec breakfast briefing, each time copying the entirety of the invite list in on the messages.

The first email sent yesterday morning thanked participants for "Registering for NHS Digital's Full Digital Breakfast: Let's talk cyber, scheduled for Thursday 21 October 2021, 8:00-9:00am."

Apparently Neil Bennett, CISO at NHS Digital, and Phil Huggins, National CISO at NHS X, "Along with guest speakers, will have a conversation about the ongoing protection and how an increasingly digitised world means we must be super vigilant and cyber secure, where cyber hygiene is essential in protecting patients."

According to sources caught up in the email chain, NHS Digital were sending the emails in an attempt to change the invite details.

As email blunders go, this is ranked pretty low down in terms of seriousness - just think of this story, or this one - but it is more than a little embarrassing.

"An NHS Digital spokesperson said of the issue:"We take our responsibility to safeguard personal data extremely seriously.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/10/20/bcc_fail_nhs_digital/