Infraestruturas de Portugal (IP) has reported a data breach after mistakenly revealing the email addresses of over 300 job applicants. The incident happened during a mass rejection email for a communications director position — the message, intended to be private, was sent using visible CC instead of BCC, exposing every recipient’s address.
IP's data protection officer later sent a formal notice titled “Security incident report – Inadvertent disclosure of email address,” assuring candidates that no misuse of the data had been identified so far. The company apologized and notified Portugal’s National Data Protection Commission (CNPD) as required by law.
Although IP didn’t confirm whether it was a human or system error, the mix-up appears to be a classic case of email mismanagement. The company has since reviewed its internal processes, issued new training, and updated its email protocols to avoid a repeat.
Related News