The Queensland Police Service has mistakenly sent an email that revealed information on about 500 gun owners, which could have been used to determine their location or real names. It’s easy to think about data breaches in terms of hacking, but many data breaches stem from negligence or human error.
People don’t secure databases, let other users access resources they shouldn’t or send emails with more information than necessary. Whatever the cause, accidental data breaches are a fact of life.
Burglars hit the Moreton Police District and stole a substantial number of firearms. The Queensland Police Service sent an email with the subject line “weapons audits,” advising people to remember to lock their guns. The problem was that the email contained 500 email addresses of firearm owners, which everyone could see. It’s easy to make determinations just from the email address, including the full name.
The police department quickly sent another email asking people to delete the previous email.
“Dear recipient, earlier today an email was sent from our Crime Prevention Unit, Caboolture Police to a number of individuals with an overall strategy of sharing information and ensuring the security of weapons is optimally maintained, compliant with weapons licensing requirements,” said District Officer Superintendent John Hallam, the Sydney Morning Herald reported. “Regrettably, an error occurred in that individual email addresses were visible in the email.”
John Hallam wasn’t the one who sent the original email. An investigation is now underway to determine how this privacy leak was possible in the first place. The law enforcement agency apologized for the confusion and for revealing the gun owners’ names to the public.