Businesses that have registered their websites with US firm Network
Solutions, were bracing themselves for an onslaught of spam this
week, after the internet specialist accidentally e-mailed out a
list of 86,000 of its customers' e-mail addresses.
The blunder, described by lawyers as breach of fundamental data
protection principles, has angered UK organisations which fear
their e-mail addresses will be hijacked by marketing companies and
spammers.
"This is not a very clever thing for any company to do. It is not a
great advertisement. There are technical solutions to avoid doing
this sort thing," said Dai Davis, lawyer at Nabarro Nathanson.
The case illustrates how easy it is for staff to misdirect internal
e-mails which can embarrass or damage their employers when made
public, unless safeguards are in place.
Tim Moore, director of network management specialist Parallel, one
of the businesses affected by the blunder, said he was concerned
his company would become a target for spammers.
"My first reaction was one of amusement. Then I realised my name
was on the list and it had probably been sent to everyone else on
the list," he said.
Network Solutions confirmed it had accidentally sent out a file
containing a list of customers with .org websites to "a few
thousand" customers as part of notification informing customers
about changes in their registration.
"This was a mistake and we apologise for including those additional
e-mails in the notification. The notification contained no other
information from customers," it said.
Lawyers said that although the mistake breached data protection
principles, which require information to be held securely and
processed fairly, it would be difficult for organisations to prove
they had suffered from the incident.
Companies would need to show they were receiving spam as a result
of the list being published. This would be difficult if they were
receiving spam e-mail anyway, he said.
"I would like to offer some strong words to Network Solutions,"
said Moore. "You hear a lot about security from Network Solutions.
It needs to tidy up its own house first before it tells other
people what to do."
Directors face 'cyber liabilities' >>