[Infowarrior] - Cyber security challenge organisers in email privacy blunder

[Richard Forno]

Cyber security challenge organisers in email privacy blunder

http://www.theregister.co.uk/2010/09/15/cyber_security_challenge_bcc_snafu/

By John Leyden • Get more from this author

Posted in Enterprise Security, 15th September 2010 11:23 GMT

Organisers of the UK's cyber security challenge committed an embarrassing email blunder by inadvertently revealing the  email addresses of everyone who entered a forensics challenge to each other.

A single challenge registration confirmation was CCed to everyone who entered, handing over a complete email list in the process. The BCC failure gaffe was brought to our attention by a Reg reader who questioned the mistake, a violation of the challenge's privacy policy. He received a reply blaming "human and administrative error" for the cock-up, so we can rule out the possibility that the CC to BCC error was somehow part of the forensic challenge itself.

Of course, this was a trivial mistake and no real harm was done, but people are entitled to hold the Cyber Security Challenge team to a higher standard of security aware behaviour than would otherwise be the case.

The email, which was sent on Monday, contained 370 unique email addresses. ®