List of members: Asthma association sends Excel file to members' mailing list

The German Allergy and Asthma Association (DAAB) inadvertently sent out a complete list of all its members on June 14. Heise online received information about this from readers. According to the association, it sent the file to all 10,000 members "due to an internal administrative error". The attached Excel spreadsheet, which was actually intended for sending serial letters, listed data such as the email address, name, address and date of birth of all members. Members are usually asthma or allergy patients. The DAAB has not yet responded to queries from heise online.

Accidental dispatch

The DAAB subsequently contacted the recipients of the email again to point out the "inadvertent" mailing and requested that the data be deleted. However, according to the email, the file contained neither passwords nor financial or health data. According to information from the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), Bettina Gayk, it is likely that the email was sent "due to an unfortunate human error". According to Gayk, there is a "medium risk". It was not necessary to inform those affected.

For the former data protection commissioner of Schleswig-Holstein, Thilo Weichert, the leak does not pose a low risk. "Of course, the circumstances on which the risk of misuse depends are relevant. In this case, sensitive data that is particularly protected under Article 9 of the General Data Protection Regulation is obviously affected," explains Weichert. He recommends that not only the data protection supervisory authority, "but also those affected, should be informed about the leak so that they can arm themselves against misuse that is possible with the data."

Read also

Lastpass warnt vor überzeugender Phishing-Kampagne

(mack)