Skip to content
Naked Security Naked Security

Football team drops the privacy ball with email Cc blunder

But at least now you know how to get in touch with people who might have an extra ticket...

Staff at the London football club West Ham United dropped the ball last week, emailing ticket confirmations to fans en masse, Ccing them all instead of sending them each a blind carbon copy (Bcc).


Any Bcc/Cc blunder is a breach of privacy, scattering email addresses far and wide. Some gaffes are worse than others, though …and more expensive.
Last month, the Information Commissioner’s Office (ICO) said that it had fined the Independent Inquiry into Child Sexual Abuse (IICSA) £200,000 (USD $260,000) over one such mistake, which exposed possible victims of child abuse.

The West Ham glitch is nothing as sensitive as that, in spite of one tweet:

But while it may not be as serious, that’s not to say that the football team is immune from the privacy watchdog’s notice. Will the slip lead to a fine?
The ICO hadn’t yet said anything about a potential inquiry or fine, according to The Register.
As some have pointed out, the ICO might well be inundated with plenty more consequential blunders than this one at this point: after all, in May, the GDPR came into its full, fine-inflicting legality.

What to do?

Well, what not to do is include everybody’s email in the To: or Cc: fields, like West Ham and so many others before it have done. Like, say, Ghostery, which did it, ironically enough, in an e-brag, “Happy GDPR Day” note about its “high standards” when it comes to user privacy.
“Don’t do it” = not much help? Nah, we don’t think so, either.
As we’ve said before, the commonality of Cc/Bcc goofs means that there’s either a basic design flaw in email, or that normal email clients might be the wrong tool for the job.
If your organization is sending sensitive emails, it’s worth it to look into hiding your email client’s To: and Cc: fields so that you simply can’t enter email addresses in a way that allows them to be shared. Alternatively, you could use an email marketing platform that sends an individual copy of your email to every person on a mailing list.


2 Comments

I saw this on LinkedIn yesterday.
Some of the comments suggested that it is possible to configure your email server to block outgoing email that is CC’d to more than a certain number of recipients, but the comments where light on detail. Is that possible using common mail servers (Exchange, Postfix, Exim etc?). If so it sounds like a fairly simple and effective precaution, that could be widely deployed to at least limit this sort of mistake.

As we’ve said before, the commonality of Cc/Bcc goofs means that there’s either a basic design flaw in email, or that normal email clients might be the wrong tool for the job.
Maybe it could be streamlined. But I think this just boils down to people hurrying and not paying attention.
I’ve been guilty of this very infraction (not 500 people, but yeah–dumb). There are simply times one must slow down and ensure everything’s done kurrecktly.
I do like your idea of limiting fields altogether for automated systems–or David’s, based on quantity.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?