Earlier this morning a total of 745 Weapons license holders in the Moreton Bay Region received one of two mass emails warning them that
“Recently there have been a number of break and enters within the Moreton Police District where a substantial number of firearms were stolen”
And that in response to this.
“Police from Moreton District will be conducting weapons licencing audits in the coming months so take some time and read the information and ensure you have everything in order.”
Unfortunately for Queensland Police they have made the rookie move of sending mass emails with everyone’s address in the ‘To’ field rather than using the “BCC” field or just sending them out individually (There are services to handle mailing lists after all). Helpfully we can tell that the QPS don’t seem to be able to send emails with more then 500 in the ‘To’ field, unfortunately that meant they were cluey enough to divide the list into the first 460 email addresses from A to M and the second 285 addresses from M to Z.
Unfortunately this would seem to be a data breach of the sort contemplated under the Federal Privacy legislation, worsened by the fact that this now potentially compromises the email addresses of the 748 people within the Moreton district who do have Firearm Licenses. With many people using the more professional first & last name combination for their email addresses instead of an alias, this has the very counterproductive effect of potentially contradicting the helpful suggestion from the police of “Don’t make it public knowledge that you possess firearms”. They have just established a veritable honeypot of information on everyone who has firearms in the Moreton region.
Hilariously 23 minutes later QPS having realised their mistake sent through an email retraction request, whilst those might be somewhat effective on internal corporate email systems sadly in the wider world of email they are simply a notification to everyone that you made a mistake.
Whilst we give a 7/10 for content and intent, it’s a solid 0/10 for execution. Maybe QPS should invest in some sort of fancy system for their officers to send mass emails, we hear Mailchimp isn’t bad. Or even failing that, a stern talking too about using the BCC field for improtue mass emails isn’t a bad idea.
Update:
After publication QPS sent out a follow up email to apologise for the mistake.
Leave a Reply