14 DAY TRIAL // The Isle of Man Income Tax set up a Twitter account towards the end of March, and in the process of making taxpayers aware of the new communication channel, the institution managed to leak the email addresses of up to 5,000 individuals.
The privacy blunder has been blamed on an operational error that allowed groups of its customers to see each other’s addresses in the “to” or carbon copy fields of the email message they received.
Carbon copy instead of blind carbon copy
Basically, someone forgot to blind carbon copy (BCC) the list of recipients, making the addresses available to anyone receiving the email.
“The mistake happened when, as part of a programme to raise awareness of its new Twitter account, the Income Tax Division sent out ten batches of e-mails, of up to 500 in each batch, but in such a manner that recipients could see all the e-mail addresses in their individual batch,” says an announcement from the Income Tax Division of Treasury says on Thursday.
The institution realized the mistake and took the steps to make sure that it would not happen in the future. Part of the actions taken was to inform the Data Protection Supervisor and to launch an investigation into the incident.
Information remains exposed, no matter what
However, regardless of the measures taken, the blunder can no longer be corrected and the email addresses have been exposed for good. There is no evidence to indicate that any of the recipients may use them for nefarious purposes, but one can never be too sure of this.
All people affected by this lapse have been contacted and received assurance that no government computer system was at fault and that an employee was responsible.
Furthermore, the Division sent its “sincere apologies,” but it is unclear if they have been accepted by everyone impacted. Meanwhile, the Twitter account has now over 207 followers and 24 tweets.