Email addresses sent with a Do Not Call Register notice in significant data breach
May 25, 2016
In “Email fail at Do Not Call Register, thousands of contacts exposed”, CRN reports on a significant data breach involving the release of thousands of email addresses when an email was sent on behalf of the Do Not Call Register. Interestingly, ACMA, in “DNCR: enforcement outcomes”, sets out the consequences of breaches of the Do Not Call Register. As late as 3 May it heralded action taken for breach of the DNCR with “Do Not Call crackdown: finance company pays the penalty”.
It is quite an extraordinary breach. The release of email addresses in an email sent as part of the Do Not Call Register defies easy understanding. There are clearly poor procedures in place for the sending of emails, but also for the storage of the cached emails.
The article provides:
Thousands of email addresses were exposed yesterday in an email sent on behalf of the Do Not Call Register.
DNCR is a free service operated by the Australian Communications & Media Authority (ACMA) that allows individuals and organisations to remove their phone numbers from receiving unsolicited telemarketing calls.
In an email sighted by CRN sent yesterday, DNCR Support informed about a planned service outage scheduled for 25 May. The email contained more than 2,000 email addresses in the “To” field.
The privacy fail is all-too ironic, given that ACMA aims to protect citizens’ privacy. The watchdog regularly censures operators for privacy breaches, such as reprimanding SpinTel and Southern Phone for inadvertently allowing personal details of silent line customers to be published in a number of phone directories.
Marketing services company Salmat won the contract to run DNCR registration and washing services along with the DNCR website in 2014.
A spokesperson for the regulator told CRN: “The ACMA has been informed of this incident, which it takes very seriously. The operator of the Do Not Call Register (Salmat) is working with the ACMA to contact all affected parties and Salmat will conduct an urgent review of procedures to avoid a repeat of the situation.”
A Salmat spokesperson told CRN: “It’s a regrettable incident involving industry email addresses and Salmat has immediately put in place additional procedures to ensure this does not happen again.”
In a similar incident last month, IT industry advocacy group CompTIA landed in hot water when an employee exposed the email addresses of at least a thousand members.