
Serco email error leads to Data Breach

Wednesday 20 May 2020

Following on from yesterday’s admission by EasyJet that it has been the victim of a “highly sophisticated” cyber-attack affecting around 9 million customers, Serco have today demonstrated that not all data breaches are targeted attacks. Some are the result of simple human error.

Whilst contacting a little under 300 of their new recruits, Serco seemingly inadvertently made the email addresses of all recipients visible to each other rather than blind copying those email addresses.

Serco has confirmed:

“An email was sent to new recruits who had given us their permission to use their personal email addresses…In error, email addresses were visible to other recipients. We have apologized and reviewed our processes to make sure that this does not happen again.”

Any of the individuals in question will now need to consider whether to change their email addresses and be wary of any suspicious activity. 

Serco has said it does not intend to refer itself to the Information Commissioner’s Office over the incident.

In the ongoing Covid-19 pandemic it is easy for matters like information security to be overlooked or for a rushed approach to lead to data breaches. These incidents can have serious financial consequences for the data controller and personal and financial consequences for the victim of the breach. Of course, it is open to any victims of a data breach to claim in damages not only for any financial losses they may suffer as a result but also for the distress that is often caused by the publication of personal data.

If you have any questions regarding data protection or cyber security, please get in touch. Details of our data protection team can be found here.

