In a story just dripping with irony, e-mail security vendor, McAfee, has accidentally sent the contact details of more than 1400 conference attendees in a spreadsheet attached to a thank you message.
On July 17, McAfee held a security conference at the Sydney Convention Centre. The event was well attended by about 800 guests. But in e-mail a week later thanking people for attending, McAfee added a spreadsheet containing names, numbers, e-mail addresses, employment details and even dietary requirements of 1408 people.
As expected, McAfee went into damage control and immediately posted a message to those who received the list asking them to delete it.
But by then the damage was done. Steve Murphy, IT consultant and one of the 1408 people on the list, said the incident was “a real concern”.
“McAfee is brushing over it saying that it was just contact details, but it was the full registration database,” he said. “It is commercial-in-confidence information but these days social engineering is one of the most important aspects of security – it’s the kind of information that anyone can use.”
Murphy, who posted screengrabs of the emails on Flickr, discovered the mistake when he read the email newsletter and follow-up message.
“When I received the second email I was a little amused – until I opened the file and saw what was in there. Once I found out the details, I was horrified.”
A spokesperson for McAfee said the company sincerely apologised for the outcome and the inconvenience caused.
"Due to a human error, the contact list for a seminar [held two weeks ago in Sydney] was mistakenly attached to a promotional e-mail being sent to conference delegates. This contact list included common conference registration information but did not include any financial information," the spokesperson said.
"McAfee managed to intercept this e-mail before it was sent to all recipients, so it is uncertain how many recipients received the list."
McAfee has taken "the appropriate steps" to inform people of the mistake.
"We apologise for this error and are taking steps to ensure it doesn't happen again."
Let’s hope the “appropriate steps” to prevent this type of data loss includes the use of a McAfee Total Protection for Internet Gateways.
By combining email and web security with data loss prevention in one affordable solution, McAfee Total Protection for Internet Gateways helps you protect against malware attacks and keep sensitive information secure, according to the company.
“Automatic enforcement of industry and regulatory controls – Apply policies consistently to stop sensitive and protected data from leaving the enterprise through email and web traffic.”
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.