Newsletter Accident Exposes 25,000 Addresses
Newsletter Accident Exposes 25,000 Addresses
December 5th, 2006: Normally email security breaches happen when someone CCs instead of BCCs. Well, unfortunately Macquarie University’s Alumni office recently discovered that CC isn’t the only way to expose your mailing list.
Normally if someone Carbon Copies (CC) an email instead of Blank Carbon Copying (BCC) it, then all the recipients can see who was on the list. While this does happen with embarrassing, if not disturbing frequency in the business world, outside of business and government mistakes like this are usually more of an annoyance. Unless of course, the email comes from one of the country’s largest universities.
Macquarie University’s Alumni department has a mailing list it uses to keep its past and present students in the loop for university news, upcoming activities and other events they may be interested in. At the end of October this year, the department accidentally sent out the entire list of Alumni email addresses in the body of an email advertising an upcoming competition.
“Yesterday, you will have received an email from Macquarie University IT Services on behalf of the Alumni Office,” wrote Mary Sharp, Director IT Services at Macquarie University in an apology email to subscribers. “Instead of the intended message, that email contained the Alumni email contact list. This was sent in error.”
As the addresses were contained in the body this doesn’t look specifically like a CC mishap, however, the cause is unclear. Be it a software glitch or a case of cut and paste gone wrong though, 24,718 subscribers have had their email addresses compromised, causing the university to review its newsletter distribution process.
“Macquarie University IT Services has today reviewed the processes for distribution of Alumni correspondence and introduced additional technical and operational controls to ensure that this incident does not recur,” Sharp continued.
Whether human or machine error, it is unknown how the oversight occurred or how many of those on the list received it. However, with addresses covering government agencies, banking groups, businesses and private accounts, the exposure is no small security blunder. Particularly considering the addresses are frequently made up of the recipients first and last names.
With December shaping up to be the jolliest season for spammers yet, it’s easy to see why people are becoming increasingly protective of their email address. Yet all it can take is one mailing list accident to unravel these efforts.
Macquarie’s IT Services have apologised and asked anyone who has received the list to immediately delete it.
IDM contacted the university for further comment, no reply was received prior to publication.
Comment on this story