As first reported by PandoDaily, the state healthcare exchange New York State of Health sent out a routine email update to recent enrollees — but included each email address in the “to:” line, instead of the “blind carbon copy” section.
Needless to say, any recipient of the email could easily see the email addresses of every other recipient.
“This issue affected a very limited sample; in some cases, a person saw no more than 99 other emails,” the state Department of Health told Betabeat in a statement, leaving it open to interpretation exactly what the scope of the leak was.
“A reminder e-mail to a small group of individuals from NY State of Health regarding the up-coming March 31st enrollment deadline for selecting a health insurance plan inadvertently included the e-mail addresses of the addressees,” said the statement, “Other than the email addresses, no identifying information was included in the email.”
They have also apparently “investigated the cause of this error,” which we imagine took about a minute, and probably concluded that it was an ill-planned mistake and that they should simply not do it again.