Exploit: Accidental data exposure
Yarra Tram: Melbourne-based tram network

Risk to Small Business: 2.555 = Moderate: A Yarra Tram officer email to 91 commuters rejected their compensation requests, but the employee failed to conceal the email addresses, exposing them to the other recipients. Embarrassingly, in a follow-up email that attempted to recall the initial message, the sender once again failed to conceal recipient names. Victims took to social media, complaining about the error. Despite being entirely avoidable, this unforced error will result in a reputational black eye for the company, which will have to work with its customer base to restore trust after this incident.

Individual Risk: 2.714 = Moderate: Recipients’ email addresses were exposed in the message. While this information doesn’t pose a significant threat to data security, it could be used to send phishing emails, and users should carefully evaluate any unusual incoming messages.

Customers Impacted: 91
How it Could Affect Your Customers’ Business: Companies face cybersecurity threats from every direction, making internal, unforced errors especially egregious. Often, accidental data sharing is the result of a careless approach to data privacy. Therefore, every organization has an obligation to train their employees in the importance of data security and implement defensive best practices to reduce the risk of an embarrassing and costly data breach.