Recipients were added to the 'to' field mistakenly.
Cardiff Council has admitted responsibility for a data breach that led to the email addresses of parents being leaked.
According to Wales Online, parents in Cardiff who are eligible for Childcare Offer for Wales funding received an email from the council, where all recipients of the email to be copied into the 'to' field instead of the 'bcc' (blind carbon copy) field.
Later that same day a follow-up email was sent to all the recipients to apologise for the error and to ask them to delete the original email.
A Cardiff Council spokesman said: "Cardiff Council is aware that a data breach occurred on May 15 this year. The breach resulted from human error and Cardiff Council's reporting procedures were followed promptly and appropriately in line with data protection protocols.
"Cardiff Council remains committed to continuous improvement in data handling practices and staff awareness to prevent recurrence."
The second email said it “sincerely apologise for this mistake and have taken measures to prevent such breaches in the future" and requested recipients delete the original email.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
