back to article HMRC dev support team cc blurtfest: Over 1,400 email addresses blabbed

Almost 1,500 software developers registered to use the UK taxman's sandbox or API platform have had their email addresses blabbed in a mass mailing. The snafu happened on Friday afternoon, when an email about the HMRC Developer Hub was accidentally sent with users' addresses visible in the CC field. The email, with the …

  1. Admiral Grace Hopper

    Who, me?

    Your new strand of confessional articles seems quite timely.

  2. JimmyPage Silver badge
    FAIL

    Can't speak for individual developers ...

    but I'm guessing there must be some mighty pissed off companies here.

    I wonder if the ICO views a commercial confidence breach more seriously that personal details ?

    (Starting with the observation that the ICO couldn't really care less about personal data breaches.)

    1. Anonymous Coward
      Anonymous Coward

      Re: Can't speak for individual developers ...

      > I wonder if the ICO views a commercial confidence breach more seriously that personal details ?

      The ICO doesn't care about commercial confidence breaches.

      > (Starting with the observation that the ICO couldn't really care less about personal data breaches.)

      And that's just silly.

  3. msknight Silver badge
    Joke

    "We've contacted HMRC to ask if it has any further comment."

    ...after all the e-mails it's sent out... you're asking it for MORE comment :-D

  4. Terry 6 Silver badge

    The CC error

    Hmm. Surely this happens so often it's about time that email clients had a prevention rule built in. Maybe an automated pop up that asks, "Do you know that all the recipients to this message are visible". Or something.

    1. TonyJ Silver badge

      Re: The CC error

      It staggers me that so many people still don't realise there is something called MailTips built into Exchange that can do this kind of thing.

      Since 2009!

      https://blogs.technet.microsoft.com/exchange/2009/04/28/introducing-mailtips/

      They can even be customised so there really is no excuse where Exchange and Outlook are in use.

      Of course...that doesn't prevent someone sending them out in a badly written script.

      1. Yet Another Anonymous coward Silver badge

        Re: The CC error

        Of course...that doesn't prevent someone sending them out in a badly written script.,

        This is government IT - I'm surprised they used 'cc rather than typing them all individually

    2. wyatt

      Re: The CC error

      I was working on a clients PC via a remote session and they were sending me an email, they had a pop up when they clicked send of all the email addresses that the email was going to and did they want to send it.

      Functionality is out there, there is however no pressure to implement it. Wonder if the HMRC will wrap up their business before the fine from the ICO is chased?

    3. AndrueC Silver badge
      Flame

      Re: The CC error

      Maybe just get rid of CC or at least have it hidden by default. As somone who relies on a DEA system I'm particularly irked when my email address gets spaffed out to random people.

    4. iwrconsultancy

      Re: The CC error

      Likewise, all webservers should ask, "Are you sure you want to publish your email address on this page for harvesting by the spambots? Only respond Yes if you love getting p*nis-pill adverts in your inbox."

    5. jbuk1

      Re: The CC error

      What you mean like this?

      Key: HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Outlook\Preferences

      Value name: ShowFrom

      Value type: REG_DWORD

      Value: 1

      Key: HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Outlook\Preferences

      Value name: ShowBcc

      Value type: REG_DWORD

      Value: 1

  5. Doctor Syntax Silver badge

    Fining HMRC or any other government bodies for breaches under GDPR doesn't really work as fines go to the government anyway. So what means exist for disciplining government bodies? There's clearly a need for them.

    1. Brewster's Angle Grinder Silver badge

      Who do the fines go to? If they're transferred between departments, then there's some effect. Doubly-so if they're transferred from someone's salary -- the salary in question being the person responsible for the system which allowed the cock up, not the trainee with the fat fingers.

      1. Yet Another Anonymous coward Silver badge

        If they're transferred between departments, then there's some effect.

        Yes their budget is increased by the amount of the fine and your power is measured by the size of your dept's budget

      2. Anonymous Coward
        Anonymous Coward

        The trainee intern

        ...with 6 months experience with a senior dev job title, because he knows what mongo db is!

        Pay peanuts, get monkeys. I've never cc'd people by accident, if you have then you are the kind of person who can put the wrong fuel in your car....ie stupid!

  6. Phil Endecott Silver badge

    Irregular verbs

    "Please note the HMRC Developer Hub will remain shuttered over the weekend..."

    To shut has always been an irregular verb, but its conjugation seems to have changed recently.

    It used to be that the present, "I shut", was the same as the simple past, "I shut". Like "I put" or "I cut". And the corresponding adjective was also "shut". "The door is shut".

    At some point in the last couple of years, usage has changed. Now people say "shuttered" for the past tense and the adjective. "I shuttered it yesterday", "it is shuttered".

    Is this an import from the U.S.? Like "train station"?

    1. frank ly Silver badge

      Re: Irregular verbs

      It's derived from the use of the noun 'shutters' which are often placed over the windows and doors of permises that are closed, either temporarily or permanently. Hence the creation of the verb 'shutter' - to put into a closed state and make not available for use.

    2. RockBurner

      Re: Irregular verbs

      "Is this an import from the U.S.? Like "train station"?"

      Is that not just a self-generated differentiator because the US uses terms like 'gas station', rather than 'garage'?

    3. Doctor Syntax Silver badge

      Re: Irregular verbs

      Is this an import from the U.S.? Like "train station"?

      What's wrong with train station? It's a place where trains go to become stationary. Do you normally take trains from the bus station?

      1. Phil Endecott Silver badge

        Re: Irregular verbs

        > Do you normally take trains from the bus station?

        No, I take them from the Railway Station.

        1. pleb

          Re: Irregular verbs

          Surely HMxx should be using HM Queen's English. "Shuttered"?

  7. Missing Semicolon Silver badge
    FAIL

    Quite plainly Outlook is in use

    .. as only clueless Outlook users would ever try issuing a "recall" - which only works on your local Exchange server.

    1. Anonymous Coward
      Anonymous Coward

      Re: Quite plainly Outlook is in use

      It was worth a try.

  8. Valerion

    Reply All

    I'm amazed nobody hit Reply All to point this out, followed by more people Replying All to say "Remove me from this list" and so on, forever.

    1. cbars

      Re: Reply All

      It was a list of developers. Of all random sets of people, these are the ones who are aware of how email works.

      1. Anonymous Coward
        Anonymous Coward

        Re: Reply All

        Really? our development team only just about know how power buttons work ....

    2. Anonymous Coward
      Anonymous Coward

      Re: Reply All

      Opportunity to start a support group for all that use their API's.....

  9. Anonymous Coward
    Anonymous Coward

    I blame Microsoft

    Outlook shouldn't allow this

  10. Paul Woodhouse

    if at first you fail. Fail, fail and fail again...

  11. Anonymous Coward
    Anonymous Coward

    ICO fine

    The HMRC should be forced to pay the fine by rebating a portion of it to all the taxpayers who do Self Assessment...

  12. unwarranted triumphalism

    Let's get some perspective here

    It's not like any important information was revealed.

    1. pleb

      Re: Let's get some perspective here

      No, not like when some HIV clinic CCs a newsletter to all their patients!

  13. SgtPepper

    Also not the first time...

    Back in October '16 they made exactly the same mistake, that time to just over 1100 email addresses.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019