back to article PGP email marketing gaffe creates message storm

PGP irritated its security conscious customers on Tuesday by making the schoolboy error of sending out an email marketing message to a list of around 300 recipients without using the bcc field. As a result of the slip-up, all the recipients of the marketing email (extract below) learned the email addresses of other potential …

COMMENTS

This topic is closed for new posts.
Silver badge

training needed

Some new boy put in front of a PC and told to get on with it.

Most organisations don't train their staff properly.

0
0

This post has been deleted by a moderator

Paris Hilton

Whoops!

Bad PGP! Naughty!

There's a sex shop in Soho that also did this recently. Instead of apologising to its customers, they ignored all emails to them about it. Great (lack of) customer service.

And no, I'm not a customer of that shop, my, ahem, friend is.

Paris because, well, she invented sex shops, didn't she?

0
0
Unhappy

Oops

Somebody did this where I work, bypassing established marketing email procedures through laziness.

They were promptly shown the door. Even for a small mailshot of a few hundred, there's no excuse for using Outlook, let alone forgetting to tick the right boxes.

Email's a dangerous thing - I insist all criteria are triple checked before sending a bulk email.

0
0

Organisational flaw?

CC and BCC should not be a choice when sending a group email -- the software should be configured so that mass-email CC is impossible.

0
0
Silver badge
Boffin

A couple of weeks ago...

... I received an e-mail from from Argos plugging their "Spring Blowout Sale", but someone obviously hasn't comprehended the idea of BCC, because it has over one thousand, three hundred e-mail addresses clearly visible in the "To" field!

0
0
Anonymous Coward

Access

Those email addresses should have been in a database. There should have been a method for mass emailing people in said database (web form?). Nobody other than the techies maintaining that database should have direct access to the list of email addresses.

Maybe the guys at PGP don't care about protecting their customers personal data. Even people *within* the company should be prevented from accessing customer data that they don't *need* access to.

0
0
Anonymous Coward

someone needs to be fired for this

that is all

0
0
Paris Hilton

@Graham

Isn't this against dataprotection laws?

Paris, as she knows all about being unwittingly exposed.

0
0
Anonymous Coward

Something like this happened...

...with a company my dad had inquired with regarding some engineering app or another. It resulted in an utter uproar of pissed off engineers firing messages back and forth: somehow, all mails back to the company, even without 'reply all', got cc'd to the original list.

So the first round involved indignant responses to the company; the second involved angry rejoinders from people who got the first round and thought it was the fault of the first responders; the third involved both the peanut gallery submitting wry comments and others yelling for everybody else to STOP SENDING EMAILS ALREADY...

Apparently it was a pretty fun day.

0
0

We are very sorry about this

and are doing what we can. I have posted a comment at:

http://blog.pgp.com/index.php/2009/03/email-marketing-gaffe/

Regards,

Jon Callas

CTO/CSO

PGP Corporation

0
0
Anonymous Coward

Never fails to amaze me that...

...ISPs and most commercial mail server implementations don't have a limit on the number of addresses in the TO/CC field (e.g., more than 200 and it bounces back saying "please use BCC" or something.

0
0
Joke

Employee of the Month

So, Homer Simpson now works for PGP !

0
0
Paris Hilton

Well...

I was going to come in flaming, but then I saw this. The CSO fessing up in near real time and blogging it too. You don't see that very often these days.

Respect.

Paris because she knows all about full disclosure...

0
0
Coat

I've had worse from BladeRunner

I forgot about this when I posted:

First they left their web-based marketing database exposed to Google long enough for it to be cached for a few weeks (I know this because I google my email address now and again). They never replied to my email when I let them know either.

Then, to add insult to injury, they sent out a bulk email with everyone's name in the To... Field.

Mine's the hoodie with the Kevlar lining.

0
0
Stop

@We are very sorry about this

Don't fire whoever it was. Everyone makes mistakes.

0
0
Coat

The problem with security

is that 30 sigma reliability isn't enough to stop these things from happening.

0
0

PGP email marketing gaffe creates message storm

As one of the people who received this email,to say I'm NOT amused is putting it mildly.A security company that seems to have no idea about security.................. it's a joke!

0
0
Tim
Coat

@ Jon Callas.....

Maybe you should change the company name to PPP (Piss poor privacy), then your customers couldn't complain.

Gizza job fella! My marketing skills are outstanding.....

"Trouble getting your name known? Sick of the pay-per-click advert costs? Use PPP, and then everyone will know your business!"

Mine's the one with the CV in the pocket.

0
0

@ Jon Callas

First of all, may I say I am impressed with your speedy and honorable response to the matter.

It's rare indeed that we see such candidness.

Secondly, I would like to say this might be an embarresing incident for yourselves, dashed with more than a little irony, but that I have seen much, much worse gaffes, from organisations and individuals who should have known much better.

At least it was only a harmless marketing email. Anyone got the latest tally from the MOD?

290 email addresses Vs 600,000 peoples passport details, NI numbers, family details, medical records...

0
0
This topic is closed for new posts.

Forums