One of the UK's biggest bailiff and court enforcement groups has admitted to unintentionally exposing 600 e-mail addresses to recipients of a debt-chasing message.
The Marston Group last week sent a message demanding repayment on behalf of a loan company, but failed to hide the addresses of all the recipients.
The Westminster-based group used the standard e-mail addressing method which allows recipients to see the e-mail addresses of all other recipients.
The Information Commissioner's Office (ICO) said it expected companies sending bulk messages of this kind to use the blind carbon copy e-mailing method so recipients are not aware of who else received the message.
The ICO said the subject of the e-mail was sensitive and the case was a potential breach of the Data Protection Act.
The Marston Group said the addresses were released by accident in a test of the e-mail system, according to BBC reports.
The company said it was conducting an investigation into the matter and will take immediate steps to prevent it from happening again.
Many organisations are behind the times in their management of information security, said Tony Caine, vice-president of security firm Borderware.
"Organisations need to take into account all aspects of data protection. Typically, as we see here, the content and data leaving an organisation is not protected," he said.
Caine said businesses should not leave security up to staff, but implement measures to ensure security policies are enforced automatically.