Is it even possible to get a death threat if you accidentally send the email to the wrong inbox?
Maybe it happens in the movies!
But there’s one incident that sparked international uproar.
Afghanistan’s reported data breach has exposed vulnerable Afghans to life-and-death consequences.
According to CBS news the Immigration, Refugees and Citizenship Canada (IRCC) accidently leaked details of several vulnerable Afghans seeking refuge from the Taliban in emails. The Afghans in question fear retaliation from the Taliban as they had past roles in Afghan government, judiciary armed forces, human and women rights movement groups.
This is what had happened- instead of entering the email addresses in the “BCC” field, the email ids were entered in the “TO” field. A unit within the Immigration department had sent four emails to multiple clients regarding the Afghan situation.
In some of those emails, not only the names but also the faces of people are visible.
According to the news, the Taliban had made steps to search out and execute those who opposed their authority. There has been credible allegations of reprisal killing.
An Afghan Canadian man, whose sister’s name and face can be seen while the cursor is hovered over the email address, is concerned for his sister’s safety. His sister and her children had to hide from the Taliban. Previously, she had worked for the Afghanistan government.
It would be quite easy for anyone to search for any person on social media if you know their name and have seen their faces. The Taliban can easily locate those people and target them. Plus, the Taliban has access to advanced technology as well.
Mistakes like sending a wrong email can happen to anyone. No organization is immune to human error. You could have chosen the wrong auto-complete option, or you could have hit “reply-all” instead of the “reply” button.
Every day, approximately 300 billion emails are sent all over the world.
A high percentage of these emails are likely to be sent to the incorrect recipient.
Instead of sending the email to “Jack Smith” you send the email to “Jacob Smith”.
In most cases you won’t even realize that you had sent the email to the wrong address, unless and until the consequences start unfolding. Businesses deal with data. This data is confidential and secretive which only a selected few are permitted to view. And if such data lands in the wrong inbox, a case of serious data breach would ensue.
That’s what exactly happened to one American investment banking company.
Goldman Sachs sent an email with confidential client information to a random stranger. It all started with a simple typing error. Instead of entering “@gs.com” in the TO field the contractor entered “@gmail.com” in the TO field. Goldman Sachs had to plead to Google to delete the email to avoid needless and massive privacy violation. Google had responded saying that Goldman Sachs had to obtain court order to do so.
Ultimately Google had to agree with Goldman’s request and blocked access to the email to avoid a massive data breach. Luckily, according to Google the recipient had not accessed the account so the client information was not compromised (not everyone will get that lucky).
Imagine if that restrictive information was compromised, Goldman Sachs could have faced massive fines under regulations like CCPA and FINRA.
Loss of client data, trade secrets, investment plans and other proprietary information can lead to the loss of competitive advantage and a lasting economic damage to the company.
The lesson here is that personnel entrusted with secret and sensitive client information should double-check the recipient list before sending an email.
However, such a level of awareness becomes difficult for employees when they are constantly juggling deadlines and deliverables.
While these organizations could have done more to upgrade their email security strategy, the fact is they didn’t.
It’s mistakes like these which makes us end up paying for a long time.
The implications of sending a misdirected email vary depending on who received it and what was in it.
In cases where you had emailed the wrong person, you can send the recall email or write an embarrassing apology email. However, if that email contained sensitive information, the incident would be considered a data breach.
Care is an Absolute. Prevention is the Ideal
A clever person solves the problem, but a wise person avoids it.
It’s in the best interest of every business to reduce the risk of accidental emailing. That’s why we created SendGuard for Outlook which prevents you from sending an email to the wrong person. You can use SendGuard to confirm recipients and attachment in Microsoft Outlook. On your typically fast-paced email outputs, SendGuard will act as a nice check & balance tool.
Interested to learn more about how SendGuard can help prevent accidental email data loss and enhance your email security? You can visit our sales page or just email our friendly sales team on sales@standss.com , who would be happy to answer your questions.
