Transport Scotland Apologizes for Email Data Leak

Transport Scotland, the national transport agency for Scotland, reports a data leak exposing participants of the Northern Isles ferry service (NIFS) public consultation. The incident occurred when the agency sent a mass email to update respondents on the conclusion of the consultation process. 

The agency put all recipient addresses in the CC/TO field instead of blind carbon copy (BCC). All recipients were able to see the personal email addresses of all other participants. A failed attempt was made to recall the message. This further compounded the error, as the recall notification redistributed the list of exposed addresses to the same group.

The compromised data includes:

• Personal email addresses
• Association with the Northern Isles ferry service consultation

The number of affected individuals is at least 280. The consultation received over 1,000 responses in total. 

A spokesperson confirmed that the incident was reported to the relevant data protection agencies.