I see it all too often, I'd had one yesterday actually. Generally I send them an e-mail back (just to the original sender) explaining that in future could they use BCC so everyone on the list doesn't get everyone else's e-mail address.

It also really gets my backup when friends blindly forward on junk (virus hoaxes, crap jokes and that stupid crap about how much of a great friend you are) to EVERYONE in their address book, and of course they don't use BCC, and they also leave in the headers for everyone else who has blindly forwarded it on so you get a list of about 500 e-mail addresses in the e-mail and you can't do anything about your own e-mail address ending up being sent on without your consent. When this happens I generally send my friend a strongly worded e-mail to say don't send me this crap anymore. Luckily most of the people who do this only have my hotmail address anyway which I don't check (I only use it for Messenger and XBOX Live).

I dunno, some people shouldn't be allowed e-mail addresses until they learn how to use them properly (don't get me started about HTML and top posting on mailing lists either).

FAIL because, well Vodafone have failed, just as well they didn't send it to everyone of their subscribers.

Rob

This happens all too often and it's easy to blame human error but it points to a lack of security culture and training. Anyone who is in a position to send out emails to customers should have the training to understand the security implications of what they do, especially for a company as large as Voda.

This is not a one off! Vodafne does this all the time to it's partner channel... I now have the email address for almost every billing team that deals with Vodafone (including O2 and BT)... This list gets updated and re-sent in the "To" field every month!

Please don't not tick this box if you wish us not to not send your email address to carefully unlimited* third parties, vendors and other customers.

*Unlimited means about 400...

Clear as mud? Good..

Hmm 416 recipients. If it had been 3 more and asking for money, I would have been wondering if it was from the Lads in Lagos....

Punished? You must be joking. Our data protection legislation does not give any such power for this sort of breach. The worst that will happen will be that IF someone complains to the ICO then the ICO MAY send Vodafone a letter asking them if they have done anything wrong. When Vodafone explain that they made a "mistake" then that will be that. Because the ICO have no power to punish for a retrospective breach. Yet. Lets face it - if the 2006/2007 covert BT/Phorm trials of tens of thousands of customers didn't result in a punishment, a 400 email data breach isn't going to raise the roof is it? We need tougher consumer protection on data privacy and real teeth for the ICO to punish private companies that breach data protection rules or are simply incompetent..