Gardai Email Data Leakage – When Blind Carbon Copy Saves the Day

Introduction

Few users on corporate systems can say that they have never regretted sending an email to a distribution list, telling everyone something that was meant for one person. Luckily, many email systems default a reply to just the originator of the email, but mistakes still happen, and many users receive emails which reveal a little too much information about the distribution list. Personally I have seen many emails sent with a To: list that includes many email addresses which should have been kept private.

Forgetting to Blind Copy

So yesterday the Gardai had to apologise for a data breach which released over 1,700 email addresses, and which was blamed on an ‘administrative error’. A particular problem arises when an email is to be sent to a contact list, where the recipients are supposed to be placed in the blind carbon copy (BCC:) field but by mistake end up in the carbon copy (CC:) field. Most users understand the difference, and know that a BCC: version does not release the full distribution list. Care must also be taken when an email is sent to a person who does not know that it includes a BCC: list: if one of the users on that list replies with everyone in the To: field, it can cause some embarrassment about the reason for the BCC: distribution (a person on the BCC: list is meant to know that it is a confidential distribution). Often the method used is to put the sender in both the From: and To: fields, with all other recipients on the BCC: list.

The data breach happened within Dublin North Central Gardaí when they sent out their community policing information bulletin to their distribution list, but did not hide the recipients’ addresses from each other. This is seen as a breach of Ireland’s data protection laws relating to the leak of personal data. While they tried to recall it, recall mechanisms often do not work once the email has left the local system, as the user is simply prompted as to whether they want to delete it or not. Like it or not, most users actually view the email, even though the sender has tried to recall it. There wasn’t any sensitive information in the newsletter, but the email distribution list included the email addresses of others in the community.

Conclusion

Apart from user training, there are many solutions to this. The best is to use a package which creates the emails one at a time, and then prepares them for the user to review and check. Otherwise, in sensitive environments, email systems should check the number of users in the CC: or To: fields to make sure there are not too many set up. The release is unfortunate, as the bulletin was a key mechanism for engaging with the local community, so it is to be hoped that the engagement continues and that future breaches will be avoided. Few users can say that they have never made a mistake in sending an email, so this must be acknowledged in this case – mistakes happen. The key thing is that organisations need to put safeguards in place to protect themselves against large-scale data breaches.
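As an added example (not the author's code), here is a pre-send check in Python that implements the second safeguard above: it counts the addresses exposed in To:/Cc:, blocks the send past an assumed policy limit of 10, and rewrites an over-exposed bulletin so that the list goes to Bcc: with the sender as the only visible recipient. The bulletin, the limit and the example.ie/example.org addresses are constructed for illustration.

```python
"""Pre-send guard for bulk mail: count the recipients exposed in To:/Cc:,
block the send when a policy threshold is exceeded, and offer a rewrite
that moves them to Bcc: with the sender as the only visible recipient."""
from email import message_from_string
from email.utils import getaddresses, parseaddr

MAX_VISIBLE_RECIPIENTS = 10  # assumed policy limit; tune per environment

# Constructed sample: a bulletin with 12 subscribers left in Cc: by mistake
SAMPLE_BULLETIN = """\
From: Community Bulletin <bulletin@example.ie>
To: bulletin@example.ie
Cc: s1@example.org, s2@example.org, s3@example.org, s4@example.org,
 s5@example.org, s6@example.org, s7@example.org, s8@example.org,
 s9@example.org, s10@example.org, s11@example.org, s12@example.org
Subject: Community policing bulletin

Bulletin body.
"""

def visible_recipients(raw_message: str) -> list[str]:
    """Addresses in To:/Cc: that every recipient will see, sender excluded."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    found = []
    for header in ("To", "Cc"):
        # get_all copes with repeated and line-folded headers; getaddresses
        # splits "Name <addr>" lists into (name, addr) pairs
        for _, addr in getaddresses(msg.get_all(header, [])):
            if addr and addr.lower() != sender:
                found.append(addr)
    return found

def check_exposure(raw_message: str, limit: int = MAX_VISIBLE_RECIPIENTS) -> dict:
    """Policy decision: block the send if more than `limit` addresses are exposed."""
    exposed = visible_recipients(raw_message)
    return {"exposed": len(exposed), "blocked": len(exposed) > limit}

def rewrite_to_bcc(raw_message: str) -> str:
    """Move every exposed address to Bcc: and address the mail to the sender.
    smtplib.send_message() strips Bcc: before transmission but still delivers
    to those addresses, so the list never reaches the other recipients."""
    msg = message_from_string(raw_message)
    exposed = visible_recipients(raw_message)
    del msg["To"]
    del msg["Cc"]
    msg["To"] = parseaddr(msg.get("From", ""))[1]
    msg["Bcc"] = ", ".join(exposed)
    return msg.as_string()
```

Wire `check_exposure` into the submission path of a bulletin tool so that a blocked result stops the send and offers the rewritten message for review.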
