"As soon as we became aware of concerns"
Apparently, your awareness required four successive blunders.
You're going to have to do a lot better to make us believe your PR bullcrap.
NHS Digital has scored a classic Mail All own-goal by dispatching not one, not two, not three, but four emails concerning an infosec breakfast briefing, each time copying the entirety of the invite list in on the messages. The first email sent yesterday morning thanked participants for "registering for NHS Digital's Full …
Yep. A perfect response to to the govs failed plans to snaffle everyone health data.
If they can't even send a private email, how can we trust them with our data. Even if they have a thousand rules about what can, and cannot be, done with private data, it only takes one idiot in an organisation and all plans are out the window. In this can there are lots of idiots and many are in government.
"...and deleting the original invitation."
One assumes the spokesperson thinks that EVERYONE uses MS Exchange, where emails can be deleted (or recalled) by the sender.
But one would think that not everyone uses MSX so then the sender has no control, as you say.
IIRC, by design, MSX message recall won't work if any one of the recipients has read the message. As MSX can't know whether off-domain recipients have read a message or not then recall never works when there are off-domain recipients. As someone else indicated, I can't think of a better way of drawing attention to a cock-up than attempting an MSX message recall.
Reminds me of the time, a rather evangelical secretary kept sending everyone she had on her mailing list, stories about the good news of getting to know Jesus. One day she received a mail from GOD who reminded her that everyone was entitled to their own beliefs and suggested the office would be more productive if people only received work related mails on the office system. The shock of it all kept her off work for a week and a public reprimand (all be it with a followup private beer from the boss) of the spoofer so she could see the there were no gods involved the sending of emails.
>>no gods involved the sending of emails.
>Although sendmail config is believed to be the work of Cthullu
Having spent the better part of the day trying to get sendmail forwarding working on a Centos7 upgrade, I think I share that belief.
Now I'm stuck trying to get ntpd to behave.
"It means you're going to be fired within a week"
Or that you have too much support in The Party to be got rid of just yet, or that the PM's waiting for an opportune moment to throw you under the bus to save him/her self. (See, e.g., Gavin Williamson, Chris Grayling etc.)
Shouldn't there be a limit on how many recipients can be added to the To: field? Better yet, if mass mailing is to be done, do it with a system that only allows the BCCs! Is this a thing? If not, and you develop it, remember you heard it here first!! I'll just have a few of these for compensation!
Yeah but the problem is always the same : as soon as you define rules to automate mailing, some idiot is going to feel that his case is special and he'll go out of his way to work around the rules and send it the way he wants.
You cannot automate against stupidity, stupidity will win every time. You need to educate stupidity.
With a cattle prod, if necessary.
Icon because integrated battery charge.
I remember getting work emails CC'ed to up to a hundred co-workers. The text was about 200 characters, the list of CC'ed co workers often took the size of the message to several kB. And this after we had been asked to reduce our file storage needs to save money.
I think I may have suggested sending department emails BCC to reduce filestore overflow, but I'm not sure anyone listened.
The most bum-clenchingly awful reply all mistake I've seen happened after the whole company received an email from operations reminding us of the new password policy - 12 characters, mixed case, special chars, etc., and NEVER write them down or share them.
This poor guy (let's call him Gary) meant to forward the following to his mate, but instead replied all: "How the hell do we remember these without writing them down".
This was swiftly followed by the email - Gary would like to recall ...
Which was followed about half an hour later by an email from HR, saying Gary no longer works for Enron (sorry), and has left the building.
Ouch!
Absolutely nothing as they don't understand how to safely send e-mails either.
I had a case last year involving a company our council outsourced some services to, they cc-d everyone who had taken the service in the city and then when realising e-mailed everyone again to ask they delete the e-mail. In this case you could have correlated some of the names in e-mail addresses to other public info and worked out the actual people. They then sent me a follow-up to the issue to me addressed to another customer!
DPO at the company didn't think they had done anything really wrong and told me to raise with the ICO if I disagreed. So I did, the ICO did agree there was an issue and made them make a number of changes and apologise for the error, however this was the classic bit from the ICO
"****** also explained that they consulted with their French head office and Google to see if any further technical measures could be introduced to reduce the likelihood of similar disclosures. However, no extra measures were deemed feasible as it was determined that no measures could realistically prevent human error, as in this case" - So the ICO accepted that nothing could be done to prevent this type of issue?!
In all the companies I have worked for e-mails to customers are not sent by individuals on an e-mail platform, you can't even get to the customers e-mail addresses to do that. Messages to customers are sent via a CRM or similar both for individual and wider e-mails which ensures issues like this don't occur, seems the ICO have not heard of this approach! Remove the human being able to send these Mr ICO?
Should I mention the ICO merged bits of data from the breach to demonstrate an individual could be identified (not myself) in the response to my complaint sent in a normal e-mail?
Also further technical measures are very easily implemented. Just route outbound mail through a mail server that builds up a view of normal traffic and holds any abnormal mail while it sends a message to the sender to double check they really did want to send it. The sender then releases with a simple reply.
Since my last few employers have had this in place, I assumed everyone did these days. But I guess it is just those with a clue and a care.
...not.
This email and any attached files are strictly confidential and intended solely for the use of the individual(s) to whom they are addressed. If you are not a named addressee you should not disseminate, share, distribute or copy this e-mail. If you have received this e-mail by mistake please notify the sender immediately and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
That should fix it!
On a slightly more positive note: when I press send on a Gmail that contains wording indicative of an attachment, Gmail alerts me "It seems like you have forgotten to attach a file...".
It would be good if there were a similar alert for any email with a cc: Something like - "are you sure you want all recipients to see the email addresses of all other addressees?"
This would be great for those occasions where I intentionally cc: all 30 members of a club so they all know who is seeing it and can *when appropriate* use reply all but then a few choose to "reply all" with some mundane observation or intended just for me.
Even adding a standard footer "Please don't annoy everyone by using 'reply all'." didn't work. When I started sending those who persisted a sarcastic comment most but not all got the message...
Might not be worth considering for a bcc: alert too - "Are you sure you need all recipients to receive this information".
Completely unnecessary if everyone knew how email works but that knowledge is seemingly limited to readers of The Register and a handful of others.
Will that be one digit or two? I send emails once a month to far too many people who generally delete without reading (I don't mind, I still get paid). Granted, the BCC button in Outfsck is not visible in a default installation, but anyone tasked with sending mass emails even internally to an entity should know of it's existence and ask for it if they don't know how to manifest it.
Oh yes, and if Outfsck 365 is chatty enough in other time-wastingsaving ways, you'd think there'd be a friendly warning before sending to the world and it's partner.
Anon because. Just because.
Some years ago I did training at PHE Porton to be part of the team that tested samples for ebola in Africa. I received emails from PHE with attached spreadsheets containing detailed personal information (IIRC name, address, telephone number, possibly age - it was a while back). This was shortly followed by an instruction to delete the information because it was a mistake. They then sent out followup emails at least twice more containing the same information again.
One can but shrug.
Sending a CC (or even a BCC) email to hundreds of addresses? I very much doubt that someone selected that number of recipients by hand and eye from the address book. If they did, it must have taken some effort. So this could more likely have been driven by some kind of automation, in which case have they never heard of server side distribution lists? Very few organisations I've worked with seem to have heard of them.