5 Sep 2018 | Articles, Cyber Security, GDPR

Another Example of Email Misuse…

Howard Freeman

Howard Freeman

yellow and black spiral light

Why you should educate your employees on email misuse

Yet another example of an email misuse using the CC (carbon copy) field instead of the BCC (blind carbon copy) field. This time, it was Premiership side West Ham United Football Club 

The email was sent to a group of supporters regarding their ticket allocations for an away game.   

Once they (The Football Club) discovered the error, attempted to recall the email – but the follow-up email apologising for the error resulted in the email addresses being shared, yet again. 

Their email read

You may have received an email that included a segment of email addresses of those who were also successful in the ballot […] The Club apologises that this information was inadvertently included and has reported this matter to the Information Commissioner’s Office (ICO). 

The email was recalled where possible and we ask that if you did receive this email to please disregard it immediately. Beyond your email address, no other information has been shared. 

The ICO is aware of the incident and is “making enquiries”. 

While this incident was undoubtedly caused by human error, it is a reminder that an organisation’s employees can pose a significant threat to data security. In this instance, no personal information other than email addresses was leaked, but it just goes to show how easy it is to make mistakes – errors that could quite easily compromise other, more sensitive personal information. 

What can you do?

To combat and prevent these mistakes and other careless actions, consider educating your employees on the risks and potential consequences of misusing the CC and BCC fields. It sounds straightforward, but data breaches caused by human error are a common occurrence. 

The Misuse of Cc and Bcc when emailing – Human patch e-learning course has been designed to help employees who handle and communicate sensitive data do so securely and legally. By educating your staff, you can reduce the risk of your organisation suffering an avoidable data breach. 


Can we help?