In a survey on over 6,000 employees, a huge 62% admitted to making email errors. The media is filled with reports of troubling data breaches affecting practically all industries, from healthcare and defense, to education. Often it feels that a week doesn’t go by without a new organization hitting the headlines for bcc errors or incorrect recipient mistakes.
Here are five examples of recent data breaches caused by human error.
1. John Taylor High School - August 2023
Once again a data incident within the education sector has reached the UK headlines. The Inns of Court College of Advocacy (ICCA) has contacted the ICO after a “technical issue” left sensitive information, including exam results and health record information of 800 students accessible by the recipients.
The breach left personal data including more than 440 personal email addresses and phone numbers, as well as academic information and exam marks, accessible to students across the college.
2. NHS Lanarkshire - 2020-2022
When employees of NHS Lanarkshire resorted to using WhatsApp as a quick way to communicate sensitive information, they were just trying to do their job in an efficient manner in a time of uncertainty and stress.
On the one hand, this was an incident of employees finding technological workarounds in the absence of a secure communication solution. This was further complicated due to the COVID-19 pandemic placing great strain on the NHS and healthcare services across the world.
Blind carbon copy (BCC) errors remain one of the biggest causes of data breaches each year. The majority of these breaches occur when bulk emails are sent in carbon copy (CC). This was the case when Hastings Council sent a bulk email to 357 constituents of the council area with all the recipient’s email addresses visible to each other.
Residents of Hastings Council area were quick to vent their frustrations with one resident stating “Great job. Now we know all 357 emails of people who use brown bins.” Local councils are responsible for the data of thousands of residents. Regardless of the topic of the communication in question, trust can be quick to lose and particularly hard to regain in the wake of a data loss incident.
4. NHS Highland - June 2019
Another example of a BCC error came in Summer 2019. NHS Highland accidentally shared the sensitive information of 37 patients accessing HIV services via CC, making email addresses visible to all recipients. Given the extremely sensitive nature of the recipients, the ICO issued a reprimand of the service in lieu of a £35,000 fine.
Zivver helps protect organizations from the leading cause of data breaches - human error. Speak to one of our security experts to learn how Zivver can keep your organization safe from human error data breaches.