John Lettice has a commentary on the recent breach where Gwent Police sent a reporter from The Register a file with criminal records checks on 10,000 people:
In the case of the autocomplete disaster that’s just happened to Gwent Police, the original error wasn’t spotted until The Register reported it, and was even compounded by a second email alerting a baffled Chris Williams to an updating of the internal phone directory (but no, at least they didn’t send us the directory as well). As we understand it, Gwent has an officer with a similar name, so unbeknownst to himself our Chris Williams had blundered onto a distribution list, and presumably would have continued to receive Gwent bulletins, perhaps even slowly moving up the distribution pecking order.
However… Although we accept that Gwent also takes this matter very seriously and will make honest and strenuous efforts to control the data it handles, it is the nature of the beast – the Criminal Records Bureau checking regime – that this kind of leak will happen again and again. Autocomplete errors, poor list management and (we suspect) excessive use of the cc field aside, the elephant in the room is that file – why was it even possible for someone to have that volume of sensitive data in a single file, far less to email it out unencrypted?
Read more in The Register.