14 DAY TRIAL // Some 4,280 residents of the New Brunswick province, Canada, had their email addresses shared to each other after a company providing online courses failed to conceal the data in the recipients list.
The clients had signed up for online training courses funded by the government in order to upgrade their competences.
On Thursday, Skillsoft, the organization that develops and manages the learning material, sent messages containing assistance to the participants.
However, instead of populating the blind carbon copy (Bcc) field with the email addresses, the company entered them in the carbon copy (Cc) section, making the entire list of recipients visible.
The Bcc field in an email service is designed to hide the emails so that privacy of the information is preserved. Cc, on the other hand, has the property to allow sending messages to multiple recipients, with their emails visible, for collaboration purposes.
Skillsoft's Vice-President of inside sales for North America, Chris Cummins, said that the leak occurred because of human error, according to a report from CBC News.
He apologized for the mistake and said that the appropriate measures had been taken to avoid such unfortunate events in the future.
As a result of the accident, around 40 participants complained and one of them unsubscribed from the mailing list.
The risk of having the email address exposed is that of phishing and spam. With enough information about the victim, cybercriminals can run targeted attacks, which are more successful.