An email gaffe due to not using bcc: instead of cc: or TO: revealed almost 400 Ohio State University students’ disability status to other students. Read the story on The Lantern.
Note that this is a FERPA issue, and there really is no requirement for breach notification to those impacted, but the unintended disclosure needs to be noted in their education records/file.