back to article Capita Education Services accidentally spaffs email addresses in Helpdesk snafu

Capita Education Services had a bit of an oopsie yesterday as a new helpdesk system spurted potentially thousands of email addresses at unsuspecting users. A Register reader got in touch to express his surprise at receiving an email regarding a helpdesk ticket he didn't open, logged by someone he didn't know. To make matters …

  1. Phil O'Sophical Silver badge

    Crapita

    "cessation of competence"

    Wouldn't that have a prerequisite of competence to begin with?

    1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: Crapita

      You are just being mean now...

      1. chivo243 Silver badge
        Pint

        Re: Crapita

        no, it's easy! ComCrap... in the States KraPN in the Netherlands, and now Crapita in the UK! Trifecta!!

    3. GruntyMcPugh

      Re: Crapita

      @Phil O'Sophical

      I read it as 'Cesspit of Incompetence',.. but then I've been a Capita customer,.....

  2. Anonymous Coward
    Anonymous Coward

    Oh for fucks sake

    Why oh why have Microsoft not added an option to Exchange* along the lines of:

    "Require additional verification if 'To' field exceeds <xxxx> addresses [Y/N]"

    that is "Y" by default ?

    Memory is dim now (which makes it even worse) but I have a feeling it was kicked about last millenium when RFCs were being circulated.

    *Other mail servers are available.

    1. Halfmad

      Re: Oh for fucks sake

      Honestly because adults shouldn't need this sort of common sense check.

      Sometimes we need staff to be clever, or work elsewhere.. like Capita.

      1. DasWezel
        Angel

        Re: Oh for fucks sake

        > [snip] adults shouldn't need this sort of common sense check.

        Lawks, you appalling optimist.

    2. Anonymous Coward
      Anonymous Coward

      Re: Oh for fucks sake

      Better yet...just sunset email usage...it's a dated tech from a bygone era.

      Anyone still sending Telex messages?

      1. Pascal Monett Silver badge

        And you would replace email with what ? Facebook postings ? Twitter notifications ? An SMS, maybe ?

        Email is still very useful, especially in a business environment.

        Obviously, for those who spend their free time on social media, yeah, not so useful. It's okay though, nothing they do there is useful either.

        1. CrazyOldCatMan

          Email is still very useful, especially in a business environment

          And some people still use faxes.. A tool might be old, but that doesn't mean it's not still useful.

          Take an axe for example - they've been around for 100s of thousands of years, but they are still useful for reprogramming recalcitrant computers..

      2. Sgt_Oddball Silver badge
        Windows

        Re: Oh for fucks sake

        Considering that commentards have recently been discussing the virtues of IEEE-488 (an 8 bit parallel port from the late 60's I'd say no.

        As for TELEX, why yes, it's still in use and a quick googling would answer that for you or for the terminally lazy ....

        1. keithpeter Silver badge
          Coat

          Re: Oh for fucks sake

          Instructions for sending a TELEX message from the comfort of your email application...

          https://www.networktelex.com/software/e-telex-message-service.aspx

          I especially like the idea of an ocean code...

          Mine's the one with the ACME code book in the pocket.

    3. Killfalcon
      Unhappy

      Re: Oh for fucks sake

      It's a nice idea, but not much help with automated emails: people who write code that might have to send large group mails would just write their mass mail code to limit the batch size to say, 100 addresses, and send the same email multiple times instead.

      Like, uh... this one apparently was.

      1. Anonymous Coward
        Anonymous Coward

        Re: It's a nice idea, but not much help with automated emails

        And there we have all that's wrong with modern "management" in a posting.

        It won't fix 100% of cases because of the 5% I've mentioned, so let's not do it at all. Stuff the 95% that would benefit.

        1. Killfalcon
          Thumb Up

          Re: It's a nice idea, but not much help with automated emails

          Valid point, you've got me there. It probably wouldn't have helped in this specific case (honestly I think this was already dodging limits of the length of the list), but it'd still be worth doing.

    4. AndrueC Silver badge
      Joke

      Re: Oh for fucks sake

      If you make something idiot proof, someone will just invent a better idiot.

      1. DJV Silver badge

        Re: Oh for fucks sake

        Agreed. But I think you used the wrong icon - it's the truth and far from being a joke!

      2. CrazyOldCatMan

        Re: Oh for fucks sake

        someone will just invent a better idiot

        Especially using the British Standard Idiot standard..

        (It could be argued that idiots are not invented as much as spawned by random chance)

  3. BenM 29
    Facepalm

    Well Capita User, the questions is.... Are you feeling lucky?

    Do you trust Capita when they say "It was just email addresses and wasn't an external breach, honest guv" or do you think "hmm... I wonder what else went walkabout"

    I couldn't possibly comment on the contents of the spam email but the link in it resolves to somewhere in Californiia... which doesn't look like Capita.

  4. Killfalcon

    Theorising wildly:

    Someone setup a Resolver Group who's membership was everyone in the directory (either as a test or because the system requires all users belong to a Team), called it "DO NOT USE" and then someone else used it.

    Alternatively, "DO NOT USE" has a Null in the team members box and their ticketing system took this to mean "email absolutely everyone about this new ticket".

  5. Anonymous Coward
    Anonymous Coward

    Very funny

    Reminds me of the time a certain leisure centre e-mailed out about 100 people updates to whatever it was. Only to realise they'd CCed everyone else in without hiding their address'

    Oh shit.

    Then it got VERY funny.

    They e-mailed everyone to say they were very sorry about the mistake and it won't happen again (before GDPR). But in that apology e-mail, they did it again!

    Very funny it was.

    1. David 132 Silver badge
      Happy

      Re: Very funny

      Please tell me the mail was signed by one Gordon Brittas?

  6. David 18

    Reply all

    I wonder how many hit Reply All saying "was this meant for me?"..... and how many new tickets were created from that....

    1. Anonymous Coward
      Anonymous Coward

      Re: Reply all

      We got something like this in NHS.net a couple of years ago.

      Someone managed to email all 750k users saying something like "test" and loads of brain dead middle managers (a redundancy I know) hit reply to all saying "please remove me from this list" and then others who hadn't read the first ones sent RTAs asking to be removed from that list!

      1. Anonymous Coward
        Anonymous Coward

        Re: Reply all

        that was 2 weeks of "NOBODY HIT REPLY ALL" emails followed by moths of beating Accenture over the head with a stick for allowing Joe Nobody to send e-mails to everyone in the.net directory .....

    2. vir

      Re: Reply all

      It would be nice to have an option when sending a message to make it un-reply-all-able. Or just to have administrators be able to disable serial abusers' (read: people who fancy themselves clever) rights to that button.

      1. CrazyOldCatMan

        Re: Reply all

        make it un-reply-all-able

        In a proper OS you could make the email address end up at /dev/null..

        But that won't stop idiots^W people hitting reply-all and I'm not keen on Microsoft putting a 'cannot generate an email to this address' feature into Outhouse. Because that would lead to all sorts of calls to the helldesk.

  7. Greem

    Smells like ServiceNow

    That INC0000000 format smells very much like ServiceNow to me. Looks like someone within Capita created an assignment group and managed to attach a workflow to it that did the Bad Stuff. SN is very powerful but it's just soooooo easy to get the workflows doing all sorts of hilarity*

    No doubt some junior underling will be getting beaten round the head as a result, ignoring the structural and procedural issues that caused them to do it.

    *as did a colleague some years ago when we implemented/suffered SN at work, and they managed to make a workflow auto-update all tickets with an incoming email action, which then triggered the incoming email action and updated all tickets, etc etc...

  8. Anonymous Coward
    Anonymous Coward

    Incompetence or incompetent malice

    Makes you wonder what a DO NOT USE group is for?

    1. Anonymous Coward
      Anonymous Coward

      Re: Incompetence or incompetent malice

      It's called that to stop *other* people using it. It's okay for me to, because I know what I'm doing.

  9. Bc1609

    I blame ServiceNow more than Crapita

    We had similar issues after introducing SN at the behest of the company that bought ours. I'm sure if perfectly managed it can work well, but by default the Customer Service Module behaves in very strange ways and it's very easy for a user to accidentally mass-email people even if using the system as instructed because of the weird workflows that get invisibly applied.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021