The Department of Foreign Affairs and Trade has apologised for “unintentionally” revealing thousands of email addresses of Australians trying to get home from overseas.
The apology came shortly before 9pm on Wednesday night.
The Department apologised for “disclosing email address of stranded Australians” but said it happened “unintentionally” and “no other personal information was disclosed”.
“We want to get you home, and are working as hard as we can to do so,” DFAT added.
Thousands of Australians are stranded overseas and waiting for help to get home amid the coronavirus pandemic.
The Department sought to make them aware of the Financial Hardship Program, wherein they could apply for an interest-free loan of up to $2500 to help support themselves while they were stuck overseas or pay for a flight home.
“Overseas financial assistance loans are only available as a last resort,” a screenshot of the email shared with the ABC read.
“Only those in genuine need will be provided financial support,” it continued.
One woman told the ABC she felt “incredibly uncomfortable” with her details being shared with more than 1000 others.
She said that by her count there were 1021 emails in the “carbon copy” (cc) field of the email.
When sending information to a large group of people who don’t know each other it’s common practice to use the “blind carbon copy” (bcc) to avoid sharing everyone’s email address with each other.
Cloud cybersecurity service provider Mimecast’s local country manager Nick Lennon said breaches like this one make up the vast majority of data breach incidents.
“This is a timely reminder that more than 90 per cent of breaches are the result of human error,” Mr Lennon said.
“In most cases, when an organisation’s employees are part of a security incident or breach it is because they have been compromised by a malicious outsider without their knowledge or they have made an honest mistake and leaked sensitive information accidentally.
“Organisations need to increasingly adopt a left hand, right hand approach,” Mr Lennon recommended. “Technology in one hand, regular awareness training in the other.”
“People will always make mistakes, but a couple of steps can help minimise these mistakes, damage to organisations and stress on the individual,” Mr Lennon added.