Hacked BBC mailing list 'could have been avoided'
Names and addresses on a BBC mailing list have been exploited by hackers.
Recipients received emails offering Viagra and Cialis, prompting John Whittingdale, chairman of the all-party Commons Culture Committee, to describe it as a ‘serious incident’.
The names on the list belonged to people who had signed up to receive information on the BBC's Electric Proms event.
John Whittingdale said: “This is a very serious incident and I would expect them to take urgent action. The BBC's reputation is based on integrity and trust, and that means it is important to protect people from harmful e-mail content. The idea that the BBC, albeit inadvertently, could be used to distribute potentially harmful e-mails which could lead to ID theft is something that I expect them to take very seriously indeed.”
Although the emails did not contain any viruses, a BBC spokeswoman said: “As a result of an administrative error, spam mail received by the BBC was accidentally sent out to subscribers of the Electric Proms mailing list. We apologise for this mistake and have contacted everyone on the list to explain the situation. We wish to assure all subscribers that no details have been passed on to third party companies and all the data held on our systems is completely secure.”
Global Secure Systems (GSS) said that this highlights the dangers that spam poses to modern companies. Managing director David Hobson said it shows why companies should, wherever possible, mandate that staff do not use their company mailbox for personal email, and that by using policy enforcement software on company IT resources and deploying effective anti-spam plus security software, it is possible to minimise the effects of misuse of company email resources.
David Hobson said: “Whilst it's likely that many of the people who signed up to this list were using their personal email addresses, it's a sure-fire bet that some were using their business addresses. And this highlights a growing problem amongst firms, namely the increasing use of company mailboxes for personal messages.
“If one or more members of staff at a company had signed up to the BBC mailing list in question, then that employee has effectively opened the company's IT resource up to a spam and/or malware attack. Granted, the end result is outside of the staffer's control, but it does explain why staff should not use their company mailboxes for personal messages.
“That isn't to say that it's possible to stop the company IT system from being infected as a result, but the BBC incident shows, quite clearly, why firms should have a company policy banning the use of staff mailboxes for personal use.”