Drop BCC not BOMBS!
Over a month ago the UK and other coalition forces withdrew from Afghanistan. What followed was a mass evacuation of people and citizens whilst the Taliban resumed power after their 20+ year hiatus.
Fears circulated in the media of brutality against those who had helped the UK and US forces, driving those left behind into hiding, apprehensive of the new regime and imposed Sharia Law.
Fast forward to the 20th September 2021 and news of a major data breach which potentially exposed those in hiding. Not, as you might suspect, complicated and sophisticated espionage or subterfuge from the Taliban, instead something much more mundane but with equally damaging consequences: a badly compiled email.
Said email was put together and sent but instead of adding the recipients into BCC, the at-risk translators were in the CC field, and therefore plain sight.
The names and in some cases other information such profile pictures were visible to all and sundry who came across the email. Whilst most professionals have committed an email fail at some point, normally they don’t have such potentially lethal consequences.
What they do normally have in common though is the helpless act of trying to rescind that act of sending in the first place. The same thing happened here; the initial email reportedly followed up by a second message urging for deletion of the first.
What follows is an immediate investigation according to Defence Secretary Ben Wallace, with further rumours circulating of dismissal for the sender.
Numerous technological measures could have prevented this blunder, what we’re confident was an honest mistake could have been picked up by various software platforms and corresponding configurations to highlight the error and correct it instantly.
E-Mail is such an inherent part of everyday life and business communications, we’re all often guilty of fat fingers or haste when compiling them. Utilising things such as Data Classification, Data Loss Prevention and other sophisticated real time email security tools which go beyond the capabilities of historic email security gateways could all have stopped this from occurring.
Whilst we’re in no position to criticise the Government’s approach to data privacy or security, this goes a long way to highlight the ease at which accidental data loss occurs.
If you’ve concerns on your own organisation’s practices around safe email or data privacy talk to your HANDD account manager, get in touch via email at firstname.lastname@example.org or call us on 08456 434 063.