Joe Levi:
a cross-discipline, multi-dimensional problem solver who thinks outside the box – but within reality™

Local Company Leaks Personal Information on 3,000+ People to Mail List

Admit it, at some point in time you’ve inadvertently sent an email to the wrong person, but what happens when it’s a company that you trust that sent the email to the wrong person… actually over 3,000 persons? That would be embarrassing.

What if that email contained an attachment with the company’s email list? That would be a bad thing — and that’s just what happened on Halloween 2007 to an employee at UtahSaves.org. That person was Lesley Scruggs, Financial Management Assistant, Utah State University Extension.

Ms. Scruggs immediately realized her mistake, and sent a "request to delete" email only minutes after the first message went out. It read:

Dear Utah Savers,

I apologize for the prior email. I believed I was sending it to our technical supporters for formatting and didn’t realize I was sending it to the savers. I apologize. It won’t happen again.

Lesley Scruggs

Unfortunately, the damage was already done. After scrubbing the data there were 3,345 unique email addresses sent to everyone on the list.

UtahSaves.org is "a statewide coalition of nonprofit, corporate and government groups helping individuals and families save and build wealth. Through information, advice, and encouragement, Utah Saves assists people who wish to pay down debt, build an emergency fund, afford a home, education, investments, or retirement in order to improve their standard of living and most important, gain peace of mind."

According to the UtahSaves.org website "All personal information will be treated confidentially" and refers users to their privacy policy for more information, which states "We do not sell, rent, share, or otherwise disclose personally identifiable information." The information that was "shared" included first and last names, as well as email addresses. Since this site caters to the state of Utah, it can be deduced that the state in which the people on the leaked list reside is Utah — which could help someone better craft an email phishing for information.

Ironically, UtahSaves.org is funded in part by IHC, an insurance company that recently donated a laptop with HR data (including Social Security Numbers) of over six-thousand employees to a local charity (click to read more about this). Could this be the start of a trend? Or are we just now seeing how little importance personal information is to these two companies?

To voice your complaint you can email info@utahsaves.org or information@americasaves.org or lscruggs@slco.org .

Share

You may also like...

Leave a Reply