|
|
|
archives If you want an RSS feed try this
Monday, September 27, 2004HFC email blunder
 In a rather stupid and avoidable mistake the HFC Bank sent emails to a large number of its customers customers revealing all their email addresses. While this is probably, as we have indicated very stupid its not likely to have compromised anyone's identity or increased their risks in any significant way.Unfortunately many commentators, the BBC's MoneyBox among them, have blown this somewhat out of proportion. According to the BBC online article the HFC bank itself has admitted a breach of the data protection law and has compensated their customers with £50. That nearly always sensible opinion column The Register also comments as does the FT Well we haven't actually seen the email and we're guessing from the rumors that the mistake is simply that everyone on the mailing list appeared in the cc: field of the email. That wouldn't be enough to break any data protection guidelines and certainly would not be enough to compromise anyone's identity. What will have compounded the apparent blunder will have been the lax use of the 'out-of-office-reply' which we believe was the real culprit in disseminating compromising data. This is yet another demonstration that email risks are not just confined to the currently hot issues of SPAM and Virus protection. The subject of email security needs to be considered in a more holistic way. If HFC had a BorderWare MXtreme in place they could have easily prevented this embarrassing incident and simultaneously dealt with SPAM, Viruses up to 38 other email vulnerabilities Related Links HFC bank in mass e-mail blunder : MoneyBox BBC HFC Bank's press room HSBC Borderware MXtreme email firewall posted by Robert Campbell 1:00 PM
|
