back to article HMRC breaches job applicants' privacy in mass email spaff

HMRC is spewing job applicants' email addresses to potential rivals in mass circular responses it has blamed on "a technical glitch". A reader got in touch to report their email address had been circulated to all other applicants in three instances. In an email seen by The Reg, the reader's address was included in a list …

  1. Anonymous Coward
    Anonymous Coward

    I blame CLAiT

    I can do computers, I got a sestificate

    Thank you Mr New Person, go play with the sensitive data

    1. Anonymous Coward
      Anonymous Coward

      Last year I couldn't spell technician. Now I are one.

  2. kevin king

    Human Error

    Putting email addresses in the TO: rather than the BCC: on a mil merge is not a "technical glitch" its Human Error. Stop Blaming the Machines or they will rise up!

    1. Anonymous Coward
      Joke

      Re: Human Error

      Yeah... but it's so much easier to blame the machines... they don't talk back...

      1. Brewster's Angle Grinder Silver badge

        Re: Human Error

        "they don't talk back..."

        For the time being.

        1. Graham Marsden
          Alert

          Re: Human Error

          >> "they don't talk back..."

          > For the time being.

          http://dilbert.com/strip/2015-09-03

    2. Roland6 Silver badge

      Re: Human Error

      Are you sure it isn't just the payload from an as yet undetected piece of malware. Swapping the contents of the TO: and BCC: fields is the sort of thing people would do for a laugh but also enable then to harvest active email addresses...

    3. This post has been deleted by its author

  3. Doctor Syntax Silver badge

    "If you would like to discuss your application further, please do not hesitate to contact me."

    After all, the previous attempt to do so had such an encouraging outcome.

  4. Anonymous Coward
    Anonymous Coward

    Unfortunately, there was a technical glitch resulting in a confusing email.

    I'm confused about why the email was "confusing".

    1. Adrian Harvey

      Re: Unfortunately, there was a technical glitch resulting in a confusing email.

      Presumably if you were cc:Ed in on the mail telling someone they hadn't got the job, but you had. Or vice versa. Or to turn up on Tuesday for an Interview after being told you missed the shortlist it would be fairly confusing.... Not sure it that's what happened, but it would fit the description.

  5. JimmyPage Silver badge
    FAIL

    If only they'd hired a script kiddie

    to write a plugin to stop emails with more than <x> addresses in the "TO" field from being sent.

    If they were *really* clever they'd have got a job applicant to do it for free.

    1. Dan 55 Silver badge
      FAIL

      Re: If only they'd hired a script kiddie

      I believe it's an option with Exchange Server, which government departments insist on using.

      So that's a double fail.

    2. Anonymous Coward
      Anonymous Coward

      Re: If only they'd hired a script kiddie

      "write a plugin to stop emails with more than <x> addresses in the "TO" field from being sent."

      It's fifteen years since I left a company that did that.

      I don't think I've seen it done since.

      Is it difficult or something to have Outlook say "this email has more addressees than your default allows. Are you really sure you want to send it?"

      Course it would reduce the number of opportunities for people to do a "reply all" and people to then reply all saying "please stop replying all" (etc), which would make life a little more boring.

      1. Anonymous Coward
        Anonymous Coward

        Re: If only they'd hired a script kiddie

        Not difficult at all, it's a setting in exchange, you can even exempt certain users who have access to the global distribution list.

        At the very least it should be set to just less than the total number of mail accounts as that stops the reply all and means only authorised users can send to all.

        1. Anonymous Coward
          Anonymous Coward

          Re: If only they'd hired a script kiddie

          Speaking of global distribution lists I wonder if the person who managed to email everyone at the Ministry of Defence (that is everyone from the Secretary of State to the chap on guard duty at station X) has recovered from his embarrassment yet :-D

          Anon for a good reason....

      2. richardcox13

        Re: If only they'd hired a script kiddie

        > Is it difficult or something to have Outlook say "this email has more addressees than your default allows. Are you really sure you want to send it?"

        In 2013 it is the default (a warning certainly appears with a mailing list with 21 entries, so the limit is below that).

        Equally in Exchange you can apply an ACL to mailing lists, so only selected users can send to the bigger lists (been true since at least Exchange 2003).

      3. Tom 38
        Pint

        Re: If only they'd hired a script kiddie

        Is it difficult or something to have Outlook say "this email has more addressees than your default allows. Are you really sure you want to send it?"

        And then when they click "Yes", it pops up a box saying "Well, you're wrong", and schedules you for re-education.

        Happy days.

  6. m0rt

    "It's a bug, not a data breach"

    Nailed IT!

  7. Gavman

    ICO

    So, have HMRC reported themselves to the ICO yet?

  8. Anonymous Coward
    Anonymous Coward

    "HMRC is not the only body to apparently suffer from a "technical glitch" which resulted in data protection issues."

    Easily done, eh The Register?

  9. chris 17 Silver badge

    All external mass mailings should be authorised, approved and need at least 2 people to authenticate to a system in order for it to proceed. A mere pop up saying "are you sure you want to send this to more than 1 external person" is not enough.

    1. Allan George Dyer
      Mushroom

      "All external mass mailings should be authorised, approved and need at least 2 people to authenticate to a system in order for it to proceed."

      And they must use two keys, turned simultaneously in keyholes too far apart for one person to reach, and the recall code is a permutation of the letters O,P,E.

      "How I Learned To Stop Worrying And Love Mass Mailing"

  10. Captain Badmouth
    FAIL

    The company blamed the issued on a "systems processing bum".

    That's more like it.

  11. CrosscutSaw

    Please throw away my resume (I mean cv)

    Ummm... no, I changed my mind, I don't want to work at your lousy company.

  12. Teiwaz
    Devil

    Let's see....

    Nope, thankfully I've not applied for a guvment job in quite some time...

    After all, they've been paying peanuts for so long, they've obviously capitalised on this and hired monkeys...

    (right up to top level no doubt, given the last election)

  13. Hans 1

    >a third party acting on our behalf.

    So a third party is acting on HMRC's behalf with sensitive information ? How could that possibly go wrong ?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like