Council in UK's City of York outs hundreds of disabled residents with a single email blunder
Summary
The City of York Council in the UK mistakenly revealed the names and addresses of hundreds of disabled residents who hold Blue Badges. This occurred because the council sent an email containing this sensitive information to all recipients using the 'To' field instead of the 'BCC' field.
IFF Assessment
This incident represents a significant data leak of sensitive personal information, which is detrimental to the individuals affected and highlights a failure in basic data handling procedures.
Defender Context
This incident serves as a stark reminder of the importance of proper email distribution list management and data anonymization when communicating with multiple recipients. Defenders should ensure robust training on data handling best practices and consider implementing technical controls to prevent such errors, especially when dealing with personally identifiable information (PII).