Ooops!
Wonder how many aeons will pass before you live this one down...
Between 8:58 and 10:20 BST this morning we sent an email to 3,521 of you that contained the names and email addresses of 46,524 of our readers. Obviously, this was an error. The two-stage send process that is the norm for all of our mailers was over-looked because someone was in a hurry. We would like to offer our genuine and …
This post has been deleted by its author
Pretty quick to blame the "tit in the IT dept" aren't you sunshine? Why would someone in IT be sending out emails though? It's more likely to be someone in marketing or management - that's my usual blame target. People who don't listen to IT tell them for the Nth bloody time to not do it that way.
Well, what's a copy worth to you? Genuine, live email addresses, just waiting for you to send them anything you like. All you need is to make sure it appears to come from The Register, and especially titles like "BOFH" will ensure it'll get opened.
Actually, no, I'm keeping it for myself. Still have some water in powder form to sell..
Duh. Duh. Duh. Next time, drink coffee first, THEN start work...
Go on, Reg, tell us the truth, the whole truth and nothing but the truth..
Reg, good that you fessed, but when you've told 3,521 of the nosiest and nosiest readers around, there was no other option.
But once you'd decided to fess, there was no point fudging, and that explanation is straight from the fudge factory.
You'd have got more credibility by telling the whole, awful truth. Or, is it that the Reg minion really meant to send out bulk email addresses, unencrypted, by email, but just got the wrong address list!
And when they realised it was hitting the fan, they tried to kill the send, but only managed to do it after it had got down to the 3,521st address!!.
I think we should be told.
I'm not sure that the Register marketing department would be setting SQL flags (whatever they are?) or getting anywhere near SQL. I presume they were adding field codes, which should always be programmed to make sure that the sender can see a post merged sample before sending.
Pretty freakin' poor show if you ask me. A company who goes to great pleasure in sneering at other organisations who commit the same mistake, then doesn't have the same tight controls it 'demands' of others is more than a bit hypocritical.
I wonder whether the Register would have been so forthcoming in divulging this information if it wasn't so readily going to be exposed very quickly by one of the thousands who received it?
I'm sure "lessons will be learned", "procedures will be tightened" and so forth in line with everyone else and it will be done about the same time they find $20 to fork out on an SSL certificate to protect your login to the site!
However, now for some people there will be some nice targeted spam with your name attached and some nice IT related text. Luckily no one will fall for the inevitable targeted phishing attacks - will they?
How on earth are they hypocritical??
hypocritical - of the nature of hypocrisy, or pretense of having virtues, beliefs, principles, etc., that one does not actually possess.
Key word being pretense - in no way did they show pretense in not wanting to live up to these values .... they just screwed up! You're saying that they never had any intention of respecting privacy???
Fail.
many millions await you. Blocking this from happening would have required a system to scan the content of the message being sent and to detect that it contained thousands of addresses rather than standard marketing material. Maybe not so difficult in this instance, but making it 100% effective would be a challenge.
The recent Hays cockup was caused (I have it on unreliable authority) <http://www.theregister.co.uk/2011/08/24/hays_rbs_email_fail/> by someone picking the wrong file to attach from a directory - instead of a standard HR attachment, they got a list of everyone's day rates.
It's an old but true saying: anyone can make a system foolproof; with some effort and skill you can even make it idiotproof; but no-one will ever make a system cretinproof.
I notice the reason you didn't put your name on your puppet is because you have absolutely zero idea of what you speak. The protections to stop this kind of idiocy aren't that hard. Marketing database, check emails against customers, yes 4 thou customers, check respondent companies, check, many companies get our email customers, no, false, stop... See, pretty easy logic. Now please refrain from talking crap...
@"fictitious name and disposable email address"
I do wonder how much longer it will be before state data mining can associate disposable email addresses with real people. For example, I know for a fact the state has been able to identify people on Facebook for a few years now, including finding their phone number when their phone number isn't given out on Facebook and that includes knowing their email addresses and everyone they contact.
I think this variation on the idea of security through obscurity, of in this case, disposable email addresses, is becoming increasingly less likely to work.
The state through the endless guise of the perpetual war on terror wants to know everyone's political thoughts to find the terrorists among us and that means finding and accumulating the political thoughts of everyone. Terrorists after all are the most extreme political dissidents but then all of us who simply hate the corrupt lying arrogance of the governments and banks are by definition a political dissident, as in disagreeing or dissenting, with the state opinions which they arrogantly hold to.
Plus more than a few of us show our free thinking dissent of the government on sites like The Register, so the state would happily add and collect email lists from sites such as this, (if they could get them). More educated free thinkers are after all, historically some of the first political dissenters of each generation of governments because they don't blindly follow what they are told. Therefore governments would secretly happily want lists of email addresses from sites with higher percentages of free thinkers and sure there will be a lot of false positives from any list, but that false positive reduces over time as more data becomes available from ever more sources cross referencing with the accumulating data, so it's a continuing process of accumulating ever more information to increasingly highlight the degree of political dissent.
It doesn't worry me and frankly I think the government can fuck off with its greed and arrogance at our expense (literally) and I would happily say that to any MP's face. But I do think the whole idea of a fictitious name and disposable email address is becoming increasingly less likely to work and the state will continue to do all it can to expose everyone to it in every way it can. They are determined to do that, not least by continuing to make deals with the bigger companies to find more information on everyone. I just think it's inevitable.
Of course as usual, the ignorant and the two faced will deny what I've said. The ignorant continue to fail to learn and the two faced don't want to learn, because they secretly want an ever more controlled state.
For anyone else who doesn't yet know, but does want to see some evidence, check out something called “NarusInsight” e.g. http://en.wikipedia.org/wiki/Narus_(company)#NarusInsight
Also here's some info on the big databases more countries are building on people, e.g.
https://www.networkworld.com/community/blog/privacy-groups-protest-massive-dhs-database-s
There's many more examples like this I could give of increasing state database building and increasing state spying on all of us, but I think most of us already know this. So I have to wonder why the myth of "fictitious name and disposable email address" is still perpetuated? It really can't work for much longer and I very much doubt it works even now.
""fictitious name and disposable email address"
I do wonder how much longer it will be before state data mining can associate disposable email addresses with real people."
If the data truly are fictitious then this ought not to be possible. My registered name and address were selected using common sense techniques, including facilities available online. That doesn't mean 'traceably' and it doesn't mean I fell into the trap of selecting data that I somehow liked or chimed with my personal circumstances and ID. How fortunate, because I am one of the "3,521 individuals".
Interestingly the Register asked me to delete any data I'd wrongfully received, but I don't think I did. However, because I'm mostly unable to spare time for lists and the like I've been deleting all mail apart from that which seemed important; clearly the latter looked that way. A quick check in my password database shows I ought not to worry on my own behalf and I wish the same for others.
I did post earlier that someone wasn't in the list I received, but it occurs to me now that this list is probably compiled from real name fields, and that your comment handles may well be (and it seems, often are) different from the name you input, so I will shut my trap and let El Reg answer from here on in.
Well I got an email telling me I was on the list - let's see if it gets past the moderators:
"Hello,
This morning the name and email address you used to register for The
Register was mistakenly sent to 3,521 individuals, also readers of
The Register.
We've contacted them asking them to delete the email and respect your
privacy.
We are of course terribly sorry for this error and have reported
ourselves to the ICO. Our initial statement is here:
http://www.theregister.co.uk/2011/10/24/email_blunder/
You are free to edit or delete your account details here:
http://account.theregister.co.uk/register/
If you have any questions or would just like to rant at us please
send emails to mailto:data@theregister.co.uk
Best Regards
The Register"
Kinda split on this - half amused because it's you guys, but also as unimpressed as I would be by anyone else chucking my info around. I did get a copy, and it looks like someone pasted a big CC set in the wrong field and then didn't proof-read anything... Can we get a "rolling my eyes" icon?
Did decide to have a shuftie through the list for rude words and spambots, just because I'm a sad shit.
I rather suspect that the Reg staff are emissaries from the planet Vulton, where the Vulture People rule, and are here to enslave us!
I believe that their plan is to post so many ridiculous RoTM stories, like killer loos and such, that we become inured to the news, and don't notice when the killer vulture death robots are landed, and start harvesting us all for meat.
I'm not quite sure how this particular security breach fits in with the plan though.
Perhaps they've decided we're the techno-elite of the world, and this list has been leaked in a transparent attempt to shift the blame when we're all, ruthlessly terminated. Or perhaps it was just a cut 'n' paste error, as they were uploading this targeting list to the robo-death vulture fleet that is attacking at this ver...........
[sound of static]
...keeping it secret wasn't an option. Fessing up and paying the price was the only possible course of action. And that price is that the Reg is going to have the piss taken out of them for the rest of eternity.
I wouldn't like to be the next Reg staffer who has to write a story about a data escape.
But I guess you already knew that . . . There are a lot of them out there . . . and growing in numbers.
It's too bad that El Reg fell apart on that email thingie. I just got word from them about me being on that MegaList. Am I angry? Nah. Maybe they'll come together and give me a free subscription . . .
http://www.youtube.com/watch?v=5iJ6mLb8r00&feature=player_detailpage
Agent Weebley@ "There are a lot of them out there . . . and growing in numbers"
I think I met one .. in an Internet Cafe .. apparently the international Freemason-Illuminati conspiracy is shooting electric shocks, through invisible wires, into the contestants on Come Dancing. The dancers' idiosyncratic dancing thus directing secret msgs through the television into my friend's living room. In order to preserve the evidence he's taping all the episodes. Excuse me now, I need to go and change my tin-foil hat ...
So, a relatively small organisation, with trained people and its heart in the right place can still screw up under pressure. Not perhaps too surprising. So even less surprising when big, essentially incompetent organisations do the same thing, even when they are not under pressure.
Hope the Information Commissioner doesn't have to ceremonially thrash you all with a cat o' nine tails smeared with ghost pepper sauce!
Noting how well our email addresses are used anyway on any site which bundles us up for marketing it isn't really much to worry about. Nearly any site wanting an account asks for our email and that's exactly what this site is too.
Obviously there must be an effort not to repeat this but I hope you don't give too hard a time to whoever did this (although I am sure they are getting plenty stick).
And at least you have the backbone to own up to it pretty quick.
For people who are worried on here I will remind you that nearly every stranger you talk to will ask your name and I am sure you give it. And for every account you sign up to online you have given away your email address. While we prefer to be masters of our own information we unfortunately are not.
This is becoming an increasingly common occurrence across the globe, and you can bet for every time you hear about such a mistake, there are a few dozen data security breaches which are covered up.
46,500 people affected pales into insignificance alongside the size of breaches by the NHS and local council authorities for example which often run into the millions of records.
<exaggeration warning>Chances are, if you've been alive for more than a week then some of your data's probably been leaked somewhere. More than once.</exaggeration warning>
So, fresh perspective, your name isn't sensitive information. Chances are your email address isn't all that sensitive either (are they both on your business card? You've never lost one of these incredibly sensitive wallet-sized documents, or handed one to someone you don't know right?)
If it was financial or medical details I'd be livid, but with a sense of perspective it's not all that bad.
At least the senders of junk mail might start spelling my name right now. And if they know I've got an interest in IT it might even be well-targeted spam. Exciting.
And added to my woes, the spacebar on my keyboard has started to act funny... Coincidence? I surely think not!
But, as someone will undoubtedly point out, passing along the email addresses of 42k+ furry toothed, not entirely naive or defenseless geeks is not half as bad as say, your NHS leaving about the generous gift of names, numbers, addresses, whatever equivalent of SSN's you have over there, &t, for any old body to pick up, ???, and profit from. To that, I preemptively say: Bull cookies!
Still, you apparently saw fit to at least acknowledge the, heh, mistake quite promptly, thereby if not minimizing the potential damage and outcry, at least foisting responsibility for what follows on to the owners of these misplaced readers. Trebles all around!
In other words, welcome to humanity: the race was lost before it ever started.
Was "overlooked" or was "actively bypassed"?
In the former case you need some technical control over sending data to thousands of recipients not just a note pinned to the wall. In the latter case you need a member of staff pinned to the wall.
Still, congratulations to Team Register for managing to foreswear Liam Fox's enthusiasm for the passive voice - at least until the third sentence.
This is really terrible. I shall be writing to the IPO immediately making clear the only acceptable way El Reg can compensate for this catastrophic error is to stand a pint for each transgression at its local hostelry.
All attendees will, of course, have the right to a proxy drink for the few unable to find the pub, or London, or ...
...which conveniently fell through a rift in the time-space continuum from 1000 years in the future describes the Marketing Department of The Register as:
"A bunch of mindless jerks who were the first against the wall when the revolution came."
I don't care if my email address is in your list. Running a small piss-ant email service for the past ten years with lots and lots of mods of my own.
It's hard. Fucking rock hard - so bring it on.
On a slightly serious note: peeps should do a deep search for their email address on a number of engines - you may be surprised to find it!
Thanks for the free e-mail addresses earlier. As we're signed up for the DPA too then I'm one person that isn't going to be spamming or selling those e-mail addresses.
No point in posting anonymously... I'm no longer anonymous anyway!
But good on you for putting your hands up and telling everyone that it had happened. I'm sure those of us who have this list will be responsible IT professionals... but we know what the chances of that are.
Let us know what the ICO has to say back...
Not because it was an easy mistake (there's no excuse, really) but because you owned up immediately and accepted the embarrassment.
As some others have suggested, it would be useful if El Reg were to post a follow-up article explaining exactly how it occurred and what is being done to make sure it doesn't happen again - as a useful Case Study.
Sorry but the list does not appear to have been sent to me.
If I send you a Memory stick, can you lose that as well please? Don't send it to me in the post, just drop it outside your offices on the way home tonight and I will pick it up.
Ta
P.S. If the list is encrypted, can you attach the password as well. Cheers.
P.P.S. Any Local Government Authorities been in touch with a job offer yet?
This seems like dereliction of duty.
Our Postfix servers have a header_checks rule:
# catch multiple recipients
/^(to|cc):.*\@.*\@.*\@/ REJECT Multiple "To:" addresses promote spam and identity theft. Try "Bcc:" or use a mailing list.
I am sure that something similar is available for El Reg's Exim server.
@vagabondo you can do that in Exim also, but like everything else you have to WANT to do it first.
You can also add a dummy user to the address list and any time their name and address appear in the body reject the e-mail, or if it appears in the header with any other address reject the mail.
P.S. I thought El Rego could time travel when I saw "Posted in Site News, 24th October 2011 10:07 GMT" and "Between 8:58 and 10:20 this morning" until I realised we were still on BST.
P.P.S. anyone who implements the suggestion in the 2nd paragraph please contact me to pay me my usual consulting rates :-)
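The two outbound checks described in the posts above (the header_checks rule on To/Cc and the dummy-subscriber canary), together with a count of addresses in the body, sketched as a pre-send guard in Python. This is an added example, not code from either poster or from The Register; the thresholds, the canary address and the function names are assumptions, and it counts To and Cc together rather than per header line as the Postfix rule does.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumed policy values for this illustration.
MAX_VISIBLE_RECIPIENTS = 2   # the Postfix rule above trips on a third "@" in To/Cc
MAX_ADDRESSES_IN_BODY = 20   # a marketing mail should carry a handful at most
CANARY = "canary.reader@example.invalid"  # hypothetical dummy subscriber seeded in the list

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def _text_parts(msg):
    """Yield the decoded text of every text/* part, attachments included."""
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        try:
            yield payload.decode(charset, errors="replace")
        except LookupError:  # unknown charset label in the message
            yield payload.decode("utf-8", errors="replace")


def check_outgoing(raw_message):
    """Return the reasons to hold a message; an empty list means it may be sent."""
    msg = message_from_string(raw_message)
    reasons = []

    # Header checks: recipients every reader of the message would see.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = [addr.lower() for _, addr in getaddresses(headers) if addr]
    if len(visible) > MAX_VISIBLE_RECIPIENTS:
        reasons.append("too-many-visible-recipients")
    if CANARY in visible and len(visible) > 1:
        reasons.append("canary-beside-other-recipients")

    # Body checks: the subscriber list itself pasted or attached as text.
    found = set()
    for text in _text_parts(msg):
        found.update(a.lower() for a in ADDR_RE.findall(text))
    if CANARY in found:
        reasons.append("canary-in-body")
    if len(found) > MAX_ADDRESSES_IN_BODY:
        reasons.append("address-list-in-body")
    return reasons


# Constructed sample messages (not taken from the incident).
GOOD = (
    "From: news@example.invalid\n"
    "To: reader1@example.invalid\n"
    "Subject: Weekly update\n"
    "\n"
    "This week's headlines. Questions: news@example.invalid\n"
)
CC_BLAST = (
    "From: news@example.invalid\n"
    "To: reader1@example.invalid\n"
    "Cc: reader2@example.invalid, reader3@example.invalid\n"
    "Subject: Weekly update\n"
    "\n"
    "This week's headlines.\n"
)
BODY_LEAK = (
    "From: news@example.invalid\n"
    "To: reader1@example.invalid\n"
    "Subject: Weekly update\n"
    "\n"
    + "".join(f"Reader {i} <reader{i}@example.invalid>\n" for i in range(30))
    + f"Canary Reader <{CANARY}>\n"
)

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("CC_BLAST", CC_BLAST), ("BODY_LEAK", BODY_LEAK)):
        print(name, check_outgoing(raw) or "ok to send")
```
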
that 'Lessons will be learned'. That the person in question wasn't named implies that they won't be 'reconsidering their position' too soon- probably okay for a simple list of email addresses and names.
Thanks to El Reg for being honest and informing us about the existence of- and the scale of- the problem.
I hope the affected will be notified?
Or link all the details of your friends, possible connections, browsing habits, address book, pictures you may be interested in or suggest that you may like something or someone. Seems pretty tame compared to face book and linked in.
Were Steve Ballmer, Bill Gates, Zuckerberg, Assange and Steve Jobs on the list?
A couple of followup articles could be interesting. How the mistake happened in the first place and what steps you are taking to ensure it doesn't happen again would possibly be helpful for those who are also responsible for maintaining large mailing lists.
Also an article on the process of informing the ICO and what they say / do could also be interesting.
Someone screwing up is unfortunate, but it happens to everyone eventually.
That you are responsible enough to tell your readership publicly and immediately own up to your error in full is admirable. It is a rare thing nowadays for someone to take such action without lawyers and spin doctors getting involved. Thanks for that.
That swelled my email spam database by 46,000+ records.
Reg readers, expect wonderful product offers from my business delivered direct to your mailbox very soon.
On a serious note: These things happen, I expect every database into which I enter personal information to be susceptible to compromise or human error resulting in exposure of that data. That's why I have never entered my real name or indeed any truthful, personally identifiable information in any online form, EVER.
Seems appropriate now.
Given that various organs have already given away my email address I'm not going to cry about the loss of it again.
I'm sure whoever was responsible will face the usual employer reprimands. Case closed.
Also, check out my eBay listing for recently farmed email addresses.
This one will live in the annals of internet history for a good while. Just how many red faces and face palm gestures were happening at vulture central I can only imagine.
This will definitely keep me grinning for a day or two.
Now to keep my eyes open for the practical joke from one wise assed Register reader with a Penchant for evil fun.
I got the email and I was on the list. If I get any spam or phishing emails I intend to sue El Reg for every penny it has, because of the immeasurable stress and upset. I have heard of these horrors of course, but would be deeply traumatised to actually see one - in my own inbox!!! I'm sure I would need weeks of therapy. Even so, the Reg recipient who passed on the list is quite obviously sub human. Why does society provide internet access for swamp dwellers? The spawn of Satan indeed.
It so appears I was one of those who was included in the email but didn't get a copy.
Dear El Reg,
The next time you want to send out an email to me with my email address viewable to world+dog please include me in the mailing. I have this feeling that I missed out on a very lucrative $75 million deal from some relative in some country that I have never heard of. Ttfa
I just received a spoofed email, obviously from someone who has obtained my email address from somewhere.
And the email content ... it said that El Reg had coughed to releasing a part list of its readers' email addresses.
... do I hear the distinctive sound of glass tinkling in the distance ???
The first time I saw the mask was in a film, I forget the name but I am sure you will help, anyway it is a Guy Fawkes mask. The point is that they are appearing everywhere. Who owns the IP right is the question and of course are we going to see a "Storm trooper mask" fight?
A "Reg": a unit to measure the amount of personal data exposed through human error.
Not sure why, but of all the sites I thought El reg would be the least likely to fall victim to something like this. I didn't get the original mail but got the apology. Not particularly fussed as I get a fair bit of spam anyway and my mail provider seems to do a reasonably good job of filtering it out.
Kudos to you for putting your hands up fairly quick
Ignoring just for a moment the error itself, I think that the response from El Reg really couldn't have been better. Posting the story within an hour, reporting to ICO and an e-mail apology received this evening.
If you could share the response from ICO and what steps you're taking to prevent it from happening again (in the same way, at least) I think you'd get a perfect 10 :)
Well, stuff going on The Apprentice. Or X Factor. You've made me famous. Fan-tast-ic!!
OK, I know, not everyone takes that view. Actually, I was talking to a chap called Andrew Crossley earlier today. Used to run something called ACS:Law. He says El Reg's behaviour is unforgivable and appalling.
However, I now find out, there's something called 'The Crossley Defence'. It involves telling the ICO, in the event of a data breach, that you're actually quite poor, your health is bad, and the pressure of work has led to events beyond anyone's control. It worked brilliantly for Andrew, he headed back to his country mansion with Ferrari in the drive and didn't have to stump up a penny.
I doubt El Reg has even heard of my friend Andrew, but. . . is The Crossley Defence not worth a try?
Good luck, gang. Shit happens.
I work for a company that has been in trouble with the ICO on several occasions. We receive our monthly pay statements to our individual email accounts but this month rather than receiving our own we all received one manager's statement. Having his salary broadcast to the whole company has caused more than a few raised eyebrows.
By comparison this is quite funny and I felt quite privileged that my disposable email address has been caught up in this fopar. Thanks to El Reg for the quick heads up and apology.
I have been dealing with SPAM for eons unfortunately. One of my associates happened to have my primary private email address in their address book back 10 years ago and they got pwned. Over the years I got to watch my email address get sold to every penis pill peddler and smut shitbag.
This email address was created for The Register. Glad I had the inherent paranoia back then.
You lot are acting as if you've had your personal fetishes outed.
It's just a bloody email address -- hardly secret -- not exactly your credit card or pin details.
If you are really freaked out that another reg reader gets your email address, then you shouldn't be on the internet.
My email address is splattered all over google, my own websites, and email list servers etc. MY spam filters deal with it.
get over it (anonymous for other personal reasons at the moment)
... furthermore, I think revealing the actual number of disclosed addresses was a mistake, because it somehow upgrades the potential interest for the site DB, acknowledging it's 46 000+ addresses you'd get there... and not just 5 or 50. Of course the actual number was going to be known, but now it's indexed and all.
Despite all the Chicken Little "oh my god, the sky is falling" crap that many will complain about, this is no big deal. Anyone out there that has some belief that their email address is some sort of private or secret thing is just delusional.
More so if those same individuals used their so-called private email address to sign up for a free email distribution from an IT news outfit. No offense El Reg, but being an avid reader does not make me believe that giving you my personal bits of info is a good idea.. :)
Someone at the Reg should be lambasted for the error, and maybe a bit of technical change is in order to prevent this from happening again in the future... but otherwise... no worries! You can find my email on pastebin.... and a million other online places where I use my (anonymous) gmail account!
Excellent, it's rare I use my personal email account to sign up to anything, however mistakenly I took theregister, technical journal / blog / news site, of whom I frequently see flaming other tech peddlers for their security mishaps, as one of the safer places to use it.
1. Idiots, I would suggest a route of leg slapping to those responsible but I'm guessing this has already been undertaken.
2. Thank you for bringing to light the reality of my own mistakes in trusting any sort of Internet based resource, especially those I initially believe to have the credentials and savvy to respect the privacy of its loyal users.
WTF?! I don’t think you can send out such a mass emailing by accident, even by "overlooking the two-stage send process because someone was in a hurry". I have my suspicions that it was perhaps sent erroneously to the *wrong* people, for which they are apologising! So, to whom has my online identity really been sold to this time?! *sigh*
As one of the lucky recipients, I hope that there was a good reason to hurry!
Why does the person sending marketing emails have access to the full list of subscribers? That's not necessary, is it?
If there is a two-step procedure where one mis-step can result in such a blunder, then take the two-step and shred it. Redesign the process so that subscribers are listed as one address; visible only internally to TheRegister and have the MTA use that to retrieve the list of recipients and to send to all.
Limit the size of marketing emails to 5 kilobytes per message. The mailing list message is nearly 2 megabytes.
I'm not too worried about subscribers seeing my name and email address. But if some malware finds the list stored on their computer/network, then that does create a problem.
Yes, glad to see several people are getting the real issues. So everyone makes mistakes, wrong button syndrome etc. and the usernames and emails are no big deal in themselves, except that:
1) many probably form part of access control for other systems (think eBay, Paypal etc.), so making it easier for the small number of sad gits who will now chuck the list into a smart process that attempts auto login to crack user accounts at commonly used ecommerce systems.
2) it looks like the bods at Reg are sending bulk lists of user names and email addresses around, plain text, via email, which, if a matter of routine, is really very very stupid. If done by an inexperienced youngster, well we've all done things we shouldn't when young, a roasting is in order, but their manager should be hauled over the coals. If someone experienced, this is a serious professional mistake.
I suspect it was an Excel spreadsheet or Access DB - can anyone confirm how the list was sent?
That's okay you sent my email to 6500 how many........ damn. I am reporting you to the Big Boodie Businesswomen of America and they are coming to sit on you in numerous uncomfortable positions during your work and perhaps fracturing said pencils used to write down my address, this way it will not happen again.
Sadly, I never received a copy of the e-mail.
I did find your company privacy policy at: http://www.theregister.co.uk/about/company/privacy/
I think you need to change:
"If permission is granted, this information may be used to send occasional emails containing offers from our partners. This will only ever be provided to readers who have specifically given us permission to use their information in this way.
The Register will never use your data for anything beyond the reason stated and the permissions you grant us. "
to:
"If permission is granted, this information may be used to send occasional emails containing offers from our partners. This will most likely but not exclusively be provided to readers who have specifically given us permission to use their information in this way.
The Register will probably not use your data for anything beyond the reason stated and the permissions you grant us - again. "
On the other hand, snarkiness aside, most of my e-mail address(es) have been as public as they get forever. Don't fire anyone on my account - although I wouldn't mind knowing that they were on tea duty (or coffee-pot scrubbing duty) for a month.
I *definitely* would like to know the business case for allowing mass-mailings like this - and I would even more like to know that those executives were going to be buying staff nice lunches and dinners every few weeks for a year.
Thanks for the email this morning...... Thank you for owning up.
Just reading through the comments... noticed in the posting section.
'Your email address is never published'
I hope the BOFH has a charged cattle prod to make sure it does not happen again.
Beware any delivery of carpet and quicklime
1 - The Register hasn't yet posted the name of this "someone". At least 3,521 people would like to know it. So come on DATA LOSERS...COUGH UP!
2 - Wasn't it The Register that accused the ICO of weakness? Oh yes indeed it was back in February of this year. ( http://www.theregister.co.uk/2011/02/02/ico_worse_than_usual/ )
I'm sure 3,521 of us hope that the ICO has taken on board The Register's comments back then and upped its competence levels.
In the words of Alex Hanff from same article "Christopher Graham has, in essence, now created a Data Protection regime where companies will not be held responsible for the actions of their staff."
Let's hope that's changed since then because I for one am sick of changing email addresses because of blunders by companies who then go through some kind of expensive assessment process designed by the ICO to placate those concerned, with the end result always being something along the lines of "lessons will be learned" or we have asked the company to "make procedural changes". cough-bull-cough-shit.
In the words of Jim Royle..... "my arse".
"No passwords" -- so I guess we should be grateful for that? Does that mean you're storing passwords, rather than hashes?!
And stop making yourselves sound like you're bloody heroes for reporting this to the ICO -- it's not like you've had a choice.
To quote from the email "You can delete your account here" -- fat lot of good that does now... how about making sure your marketing drones learn how to deal with your customers' data instead?
Finally, thank you for exposing my email address that has been spam-free for the last 10 years or so to god-knows-who.
So you won't miss out on all the fun, I shall forward a copy of all the spam emails I receive following this disaster to marketing@theregister.co.uk, in order to keep you abreast of all the latest developments in todger enhancements.
and the email address you gave. As stated in the article. Nothing has been sent deliberately to spammers, nothing has been hacked. From the sounds of it, they just cc-ed a lot of people on the same email. So they've made public information that was already basically public (although obscure) anyway; your name will be included in emails you send, as (obviously) will your email address. Whether they store passwords or hashes is irrelevant- while I'm sure they're not stupid enough to store them as plaintext, none of them were released! So however they're stored it makes no odds to this story.
That's not exactly the data leak of the century. Given that "Otto Von Humpenstumpf" on Google turns up nothing but El Reg comments, I guess that you've not even used the same name on other websites.
Turning themselves in to the ICO for a minor breach like this is a good move on the part of The Register- while no leak would be nice, it's good to see that they take these things as seriously as they say others should.
I got the apology but not the list :(
pastebin post was a windup so no dramas there.
Kudos to ElReg for holding their collective hands up to ballsup, however, pictures of the offending cretin strung up outside the highest window of Vulture Central are a must I feel, along with a personally written grovelling apology and a suitable amount of time of them prostrate for all aggrieved to take a running boot at their backside would go a good way to alleviate the frustration
fail because ... well it was!
Sure we can all make mistakes "but this is a wh00per"!
I find this announcement rather flimsy to say the least! - with no other excuse given other than "Someone was in a hurry and something was overlooked" I was one of those unfortunate people on the list and was notified by the email below and sent to this linked article. Not Happy Reg!
EMail notice Paste here -->
Hello,
This morning the name and email address you used to register for The
Register was mistakenly sent to 3,521 individuals, also readers of
The Register.
We've contacted them asking them to delete the email and respect your
privacy.
We are of course terribly sorry for this error and have reported
ourselves to the ICO. Our initial statement is here:
http://www.theregister.co.uk/2011/10/24/email_blunder/
You are free to edit or delete your account details here:
http://account.theregister.co.uk/register/
If you have any questions or would just like to rant at us please
send emails to mailto:data@theregister.co.uk
Best Regards
The Register
Well, not actually, but at least in this case it appears that Yahoo's email system truncated the incoming list of names and addresses. All I received was about 20 long lines of personal information... The way it mixes the names and email addresses, it seems to only be about 50 names in total.
The post is required, and must contain letters.
Submit post: El Reg in SHOCK email address BLUNDER
FUCK UP is now another synonym for Blunder.
One can only marvel at the ever developing English language.
I'm not vindictive. I just want the perp/ twerp PFY or DOC ( Doddery Old Chunt) concerned to get fuck all from Father Christmas.
I'm not one of the 300 Spartans I'm one of the 3,521 wanting to put my boot up the harse of someone at El Reg.
El reg finally gets its very own TARDis.. where is Sarah Bee when we need her.. someone needs a slapping and she knows where you all sit.
It's good that you're not trying to keep this under wraps, but if you haven't done this already, you should inform every reader whose email address was disclosed individually; many readers will be wondering whether their addresses have been made public or not.
It might hurt your brand even more, but it's The Right Thing to Do.
On a lighter note, I predict a more humble tone from reporters on easily preventable data breaches in future... and depriving your email team of direct access to sensitive data ;-)