back to article Oz PM's department red-faced after database leaks in the cc: field

The Australian Department of Prime Minister and Cabinet, in an excess of security ineptitude, has mistaken the cc: field for the bcc: field. The inevitable result: a database of names and addresses has leaked. The department, on behalf of the Australian government, was e-mailing women on a register called AppointWomen to tell …

  1. Anonymous Coward
    Facepalm

    Ahh email client "mailing lists"

    …when will they learn?

  2. getHandle

    What's it got to do with the Australian Information Commissioner?

    And why was it reported in the Australian section of the Guardian? Oh, hang on, which country's DPMC are we talking about?? Presumably not the one The Reg is located in!

    1. Bloodbeastterror

      Re: What's it got to do with the Australian Information Commissioner?

      Exactly. I got to the last line thinking "Bloody Tories - useless as ever"...

      First line:

      "The Australian Department of Prime Minister.."

      FTFY.

  3. Chris Miller

    No doubt a stupid blunder from someone. Hands up everyone who has never made a stupid blunder ... no-one? OK then, the really stupid blunder is not having some DLP mechanism to prevent (or at least warn of) outgoing messages with more than a handful of identified recipients.

    1. glen waverley

      ... some DLP mechanism ...

      Seeing as we have already agreed this article is about Australia, what relevance does the Democratic Labor Party have?

      1. Anonymous Coward
        Anonymous Coward

        Re: ... some DLP mechanism ...

        Given the DLP are very much about "abolishing the nanny state" (least they were about 10 years ago), I doubt they'd agree to such a filter on the mail server.

    2. Just Enough

      This seems like the obvious solution. Good software protects the user from their own stupidity. I've certainly benefited from well-designed software this way. I don't believe anyone has never been thankful for some application having a sensible sanity-check on certain operations.

      Make it impossible to send out an email with >10 addresses in the "To" or "CC" fields. Or at least make sure it generates a big warning message; "You are about to reveal the email address of every recipient to every other recipient!"

      Email is really not a networking tool, where you need threaded conversations among large numbers of people. Or at least, it hasn't been for the last ten years. We've moved past that. So no-one should be in the habit of sending emails in this fashion.

  4. jake Silver badge

    Yet another example of why ...

    ... governments need actual IT professionals in control of IT. Politics-types are absolutely, totally, and completely clueless about computers/networking/security.

    1. Just Enough

      Re: Yet another example of why ...

      Sending an email is not an IT task. It's not a "Politics-type" task either. It's an Administrative task. Performed by fallible people, like anything else. Inevitably that means people will screw up sometimes.

      What is needed is training/policy that makes it hard for this kind of mistake to occur..

      1. jake Silver badge

        Re: Yet another example of why ...

        "What is needed is training/policy that makes it hard for this kind of mistake to occur.."

        What is needed is Manglement to understand that they don't understand why this kind of mistake can occur, and allow the IT staff to do their job, and train the proles in the proper use of corporate systems ...

  5. graywave

    Not so much an "administrative error" as simple digital illiteracy.

    1. Martin Silver badge
      FAIL

      But it shouldn't be POSSIBLE to send an email with multiple external email addresses in the cc: line.

      It's not digital illiteracy - it's incompetent IT.

      1. Adam 1

        Certainly not the quantity of emails that could be called a database. Do their systems not have safeguards to bounce if too many addresses are in the To or Cc fields?

        1. jake Silver badge

          "Do their systems not have safeguards to bounce if too many addresses are in the To or Cc fields?"

          No. Management, in these situations, typically does not allow the sysadmin(s) to lock it down. IdiotsInCharge[tm] are self-defined ;-)

      2. jake Silver badge

        @Martin

        It's not IT, rather it's manglement insisting on daft configuration.

        1. gazthejourno (Written by Reg staff)

          Re: @Martin

          How many more times do you want to post the same damn comment?

          1. jake Silver badge

            Re: @Martin

            "How many more times do you want to post the same damn comment?"

            As many times as necessary. It's reality, unfortunately.

            Maybe, eventually, people will notice. But I doubt it.

    2. jake Silver badge

      @graywave

      It's the administrative error, caused by manglement not understanding IT , that is the illiteracy. I clean up after this tripe at least once a month.

  6. Anonymous Coward
    Anonymous Coward

    is there an AppointMen site?

    I ask because this could be construed as sexist if the aim is employ more women in board positions regardless of ability.

    1. Not That Andrew

      Re: "Beard Level"

      Men already get employed at board level regardless of ability. Ever heard of getting kicked upstairs and the Peter Principle?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022