BCC is really difficult…

Ghostery, UK councils, and vitamin sellers all falling foul of GDPR, by sending list of e-mail contacts in CC rather than BCC.

Ghostery have published a summary on their website which reads:

  • Ghostery sent out an email on May 25, 2018 that unintentionally resulted in the exposure of some account holders’ email addresses.
  • Only email addresses were exposed.
  • You are not affected if you use Ghostery but did not provide an email address to us.
  • You are not affected if you did not receive the GDPR email from Ghostery.
  • As soon as we found out, we stopped using the email distribution tool.
  • Ghostery is currently working to rectify the incident and we will keep our users updated.

The company has since apologised for the error, saying that it had recently stopped using a third-party email automation platform and was managing emails in its own system in a bid to be more secure.

Nutrition business Vitl also fell foul of basic e-mail etiquette by sending an email update without bothering about the difference between CC and BCC.

The list doesn’t stop there. Marsha De Cordova MP’s office also sent an email to their constituents with the same blunder, effectively releasing the distribution contact list to everyone receiving the email.