(CMR) The Ministry of Border Control and Labour has apologized to recipients of the tourism stipend for a data breach that occurred on Tuesday, 12 April, resulting in the information of over 3000 persons receiving the stipend being shared with fellow recipients.
In an email sent to recipients, the stipend team explained the data breach occurred when three mass emails were sent to recipients without using the BCC feature, resulting in the emails and names of persons receiving the stipend visible to others.
According to the email, “this breach occurred due to human error when a staff member inadvertently entered email addresses into the CC line instead of the BCC line. As a result, all email addresses in each email sent were visible to each recipient of the email.”
The email went on to state that in many cases, there was enough information to identify recipients of the email and, by extension, persons receiving the stipend.
The breach was identified within 15 minutes of the emails being sent, and an attempt was made to recall the messages; however, there was no report that this recall was successful, the email explained.
The Ministry of Border Control has apologized for the error and said it would discontinue sending mass emails using the BCC function in order to prevent a reoccurrence.
“As a result of lessons learned, mass emails will now solely be sent out using the mail merge function in Microsoft Word,” the email stated.
Persons have been asked to delete the emails and not forward the letters to any third party, including the media.