On October 10th I received an e-mail from Greg Weiss of Northland Church. Unfortunately, I was not the intended recipient of Mr. Weiss e-mail. Oh well, I have gotten e-mail by mistake before… no big deal. I will just shoot a reply off to him, as a courtesy, to let him know he got the wrong address. But what are these JPEGs attached to the e-mail? They look like scans of a JOB APPLICATION:
It’s important to note that this is not Mr. Weiss’ Job application; it’s that of a third party.
I wrote Mr. Weiss back to let him know what had happened; his reply:
Adam- Sorry for sending that to you. I did indeed make a mistake and typed a wrong address. Please honor the confidentiality of those documents. Sorry again for the inconvenience. Thank you for alerting me to this!
Wrong person to apologize to Mr. Weiss, your lack of respect for people’s personal data could cause someone quite a bit of trouble. This data breach is inexcusable, and your excuse “typed a wrong address” is a bit of a fallacy.
First, e-mail is woefully insecure – unless encrypted, the contents of e-mail (text and attachments) are sent “in the clear.” What this means is that anyone, be that someone sniffing the wire, or an unintended recipient can read the e-mail with zero effort. So, to say the least sending out private data, such as that in a job application, via e-mail as JPEG images is a bit… foolish. At the very least Mr. Weiss should have put the scans in a password protected/encrypted PDF or ZIP file. Even better (but requiring a bit more leg work) would be to put the files in an encrypted PGP ZIP file.
Second, Mr. Weiss first sent the e-mail an invalid address - adamtbyers [at ] gmail.com so his first e-mail got bounced back to him. After the bounce back he then forwarded the e-mail to adambyers [at] gmail.com, apparently thinking that the t was causing the problem. If you are going to send out private data, unencrypted via e-mail at LEAST make sure that you have the recipient’s correct address.
At the VERY least Mr. Weiss should have made sure that he was sending the e-mail to the correct address. This is what bothers me most about this; Mr. Weiss sent an e-mail, containing the personal information of a third party blindly out on the internet. The first e-mail bouncing back should have sent up an immediate red flag - verify the intended recipient’s address - but rather than do that Mr. Weiss decided to blindly send it to a random address. This type of action, when dealing with personal information is grossly irresponsible.
Shame on you Greg Weiss.
After my initial e-mail warning Mr. Weiss of his error I sent several more e-mails to him and Northland Church “management” informing them I would be making this post and requesting comments on the issue. All e-mails went unanswered.
Related: “Dear Curves: respect your client and employee data”
{ 0 comments… add one now }