Paul Penfold reports a failure-to-use-bcc field breach that exposed extremely sensitive data:
A government agency whose job is to support abuse survivors is accused of instead causing harm by accidentally exposing the identities of more than 30 Lake Alice torture survivors in a botched email. Former staff say they repeatedly warned the Crown Response Office about unrelated unsafe behaviour by the same manager, but nothing was done.
On Wednesday, a senior manager in the Crown Response Office (CRO) sent an email to Lake Alice torture survivors, about a release scheduled for the following day of a long-awaited decision on financial redress.
The manager typed in more than 30 email addresses. But he didn’t put them in the ‘bcc’ field. Instead, he ‘cc’d all the recipients – meaning every survivor could see who else was on the list.
Read more at Stuff.