ICO
After all the derogatory stories about the ineffectuality of the ICO and the even worse comments this could be payback time for them. Let us know if they put their teeth in for this one.
Between 8:58 and 10:20 BST this morning we sent an email to 3,521 of you that contained the names and email addresses of 46,524 of our readers. Obviously, this was an error. The two-stage send process that is the norm for all of our mailers was over-looked because someone was in a hurry. We would like to offer our genuine and …
So, a relatively small organisation, with trained people and its heart in the right place can still screw up under pressure. Not perhaps too surprising. So even less surprising when big, essentially incompetent organisations do the same thing, even when they are not under pressure.
Hope the Information Commissioner doesn't have to ceremonially thrash you all with a cat o' nine tails smeared with ghost pepper sauce!
Noting how well our email addresses are used anyway on any site which bundles us up for marketing it isn't really much to worry about. Nearly any site wanting an account asks for our email and that's exactly what this site is too.
Obviously there must be an effort not to repeat this but I hope you don't give too hard a time to whoever did this (although I am sure they are getting plenty stick).
And at least you have the backbone to own up to it pretty quick.
For people who are worried on here I will remind you that nearly every stranger you talk to will ask your name and I am sure you give it. And for every account you sign up to online you have given away your email address. While we prefer to be masters of our own information we unfortunately are not.
This is becoming an increasingly common occurrence across the globe, and you can bet for every time you hear about such a mistake, there are a few dozen data security breaches which are covered up.
46,500 people affected pales into insignificance alongside the size of breaches by the NHS and local council authorities for example which often run into the millions of records.
<exaggeration warning>Chances are, if you've been alive for more than a week then some of your data's probably been leaked somewhere. More than once.</exaggeration warning>
So, fresh perspective, your name isn't sensitive information. Chances are your email address isn't all that sensitive either (are they both on your business card? You've never lost one of these incredibly sensitive wallet-sized documents, or handed one to someone you don't know right?)
If it was financial or medical details I'd be livid, but with a sense of perspective it's not all that bad.
At least the senders of junk mail might start spelling my name right now. And if they know I've got an interest in IT it might even be well-targeted spam. Exciting.
And added to my woes, the spacebar on my keyboard has started to act funny... Coincidence? I surely think not!
But, as someone will undoubtedly point out, passing along the email addresses of 42k+ furry toothed, not entirely naive or defenseless geeks is not half as bad as say, your NHS leaving about the generous gift of names, numbers, addresses, whatever equivalent of SSN's you have over there, &t, for any old body to pick up, ???, and profit from. To that, I preemptively say: Bull cookies!
Still, you apparently saw fit to at least acknowledge the, heh, mistake quite promptly, thereby if not minimizing the potential damage and outcry, at least foisting responsibility for what follows on to the owners of these misplaced readers. Trebles all around!
In other words, welcome to humanity: the race was lost before it ever started.
Was "overlooked" or was "actively bypassed"?
In the former case you need some technical control over sending data to thousands of recipients not just a note pinned to the wall. In the latter case you need a member of staff pinned to the wall.
Still, congratulations to Team Register for managing to foreswear Liam Fox's enthusiasm for the passive voice - at least until the third sentence.
This is really terrible. I shall be writing to the IPO immediately making clear the only acceptable way El Reg can compensate for this catastrophic error is to stand a pint for each transgression at its local hostelry.
All attendees will, of course, have the right to a proxy drink for the few unable to find the pub, or London, or ...
...which conveniently fell through a rift in the time-space continuum from 1000 years in the future describes the Marketing Department of The Register as:
"A bunch of mindless jerks who were the first against the wall when the revolution came."
I don't care if my email address is in your list. Running a small piss-ant email service for the past ten years with lots and lots of mods of my own.
It's hard. Fucking rock hard - so bring it on.
On a slightly serious note: peeps should do a deep search for their email address on a number of engines - you may be surprised to find it!
Thanks for the free e-mail addresses earlier. As we're signed up for the DPA too then I'm one person that isn't going to be spamming or selling those e-mail addresses.
No point in posting anonymously... I'm no longer anonymous anyway!
But good on you for putting your hands up and telling everyone that it had happened. I'm sure those of us who have this list will be responsible IT professionals... but we know what the chances of that are.
Let us know what the ICO has to say back...
Not because it was an easy mistake (there's no excuse, really) but because you owned up immediately and accepted the embarrassment.
As some others have suggested, it would be useful if El Reg were to post a follow-up article explaining exactly how it occurred and what is being done to make sure it doesn't happen again - as a useful Case Study.
Sorry but the list does not appear to have been sent to me.
If I send you a Memory stick, can you lose that as well please? Don't send it to me in the post, just drop it outside your offices on the way home tonight and I will pick it up.
Ta
P.S. If the list is encrypted, can you attach the password as well. Cheers.
P.P.S. Any Local Government Authorities been in touch with a job offer yet?
This seems like dereliction of duty.
Our Postfix servers have a header_checks rule:
# catch multiple recipients
/^(to|cc):.*\@.*\@.*\@/ REJECT Multiple "To:" addresses promote spam and identity theft. Try "Bcc:" or use a mailing list.
I am sure that something similar is available for El Reg's Exim server.
@vagabondo you can do that in Exim also, but like everything else you have to WANT to do it first.
You can also add a dummy user to the address list and any time their name and address appear in the body reject the e-mail, or if it appears in the header with any other address reject the mail.
P.S. I thought El Rego could time travel when I saw "Posted in Site News, 24th October 2011 10:07 GMT" and "Between 8:58 and 10:20 this morning" until I realised we were still on BST.
P.P.S. anyone who implements the suggestion in the 2nd paragraph please contact me to pay me my usual consulting rates :-)
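The two checks suggested in the comments above (refuse mail with several visible To:/Cc: recipients; plant a dummy address in the list and refuse mail that carries it in the body or alongside other recipients), sketched as a pre-send gate. This is an added example, not code from any commenter or from The Register; the canary address, the threshold and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

CANARY = "canary-7f3a@example.invalid"  # constructed seed address planted in the list
MAX_VISIBLE = 2  # the Postfix rule quoted above fires on a third "@" in To:/Cc:

def check_outbound(raw, canary=CANARY, max_visible=MAX_VISIBLE):
    """Return (ok, reason) for one outbound message given as RFC 5322 text."""
    canary = canary.lower()
    msg = message_from_string(raw)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = [addr.lower() for _, addr in getaddresses(headers) if addr]
    if len(visible) > max_visible:
        return False, "too many visible recipients (%d)" % len(visible)
    if canary in visible and len(visible) > 1:
        return False, "canary address shares a header with other recipients"
    # Walk every text part: the list may be pasted inline or attached as text.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        if canary in text.lower():
            return False, "canary address found in message body"
    return True, "ok"

# Constructed sample messages (not real mail).
HEAD = "From: news@example.invalid\nSubject: Weekly\n"
GOOD = HEAD + "To: reader1@example.invalid\n\nHello reader.\n"
LEAK = HEAD + ("To: reader1@example.invalid\n\n"
               "Alice,alice@example.invalid\nCanary,CANARY-7f3a@example.invalid\n")
MANY = HEAD + ("To: a@example.invalid, b@example.invalid\n"
               "Cc: c@example.invalid\n\nHello all.\n")
PAIR = HEAD + "To: canary-7f3a@example.invalid, b@example.invalid\n\nHello.\n"
SEED = HEAD + "To: canary-7f3a@example.invalid\n\nHello subscriber.\n"

if __name__ == "__main__":
    for name, raw in [("GOOD", GOOD), ("LEAK", LEAK), ("MANY", MANY),
                      ("PAIR", PAIR), ("SEED", SEED)]:
        print(name, check_outbound(raw))
```

The canary's own individually addressed copy (SEED) passes, so the seed address still receives normal mailings and only a message that exposes it to someone else is held.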
that 'Lessons will be learned'. That the person in question wasn't named implies that they won't be 'reconsidering their position' too soon- probably okay for a simple list of email addresses and names.
Thanks to El Reg for being honest and informing us about the existence of- and the scale of- the problem.
I hope the affected will be notified?
Or link all the details of your friends, possible connections, browsing habits, address book, pictures you may be interested in or suggest that you may like something or someone. Seems pretty tame compared to Facebook and LinkedIn.
Were Steve Ballmer, Bill Gates, Zuckerberg, Assange and Steve Jobs on the list?