"Only" email addresses were leaked, but that could be more than enough for crooks

Mar 21, 2012 10:25 GMT  ·  By

An administrative error made by Student Finance England exposed the email addresses of around 8,000 students who needed to complete grant application forms.

Student Finance England, a subsidiary of Student Loans Company, the body responsible for delivering grants, emailed the notifications to students, along with an attachment that contained the email addresses of all the other scholars.

According to The Telegraph, the Student Loans Company publicly apologized for the mistake and acted on alerting all those involved.

Fortunately, no other information except for the email addresses was shared.

On the other hand, the director of the privacy group Big Brother Watch, Nick Pickles, doesn’t seem to be too happy about the incident.

“Just because this information didn’t contain bank details, it doesn’t mean it isn’t useful to people. The fact is that email addresses are increasingly the primary mode of communication for most people. Who knows where it could end up once it is in the public domain?” Pickles said.

“If you were to go to a credit reference agency and say, ‘I have the email addresses of 8,000 people in receipt of student finance, would you find it interesting?’. Of course they would.”

And he’s probably right. A simple email address could lead to a social media account that contains highly valuable private data. It could also be used in targeted phishing campaigns and many other types of malicious operations.

In the era in which many of the crimes have moved into cyberspace, an email address could represent much more than a way to contact someone.

Unfortunately, in the past months many organizations proved to be unaware of these dangers and kept sending out emails that contained sensitive information to the wrong parties.

Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile.