UK markets closed
  • FTSE 100

    7,027.58
    +59.28 (+0.85%)
     
  • FTSE 250

    22,883.39
    +206.11 (+0.91%)
     
  • AIM

    1,232.54
    +4.45 (+0.36%)
     
  • GBP/EUR

    1.1675
    -0.0013 (-0.11%)
     
  • GBP/USD

    1.3754
    -0.0013 (-0.10%)
     
  • BTC-GBP

    25,080.66
    +429.62 (+1.74%)
     
  • CMC Crypto 200

    786.33
    -7.40 (-0.93%)
     
  • S&P 500

    4,411.79
    +44.31 (+1.01%)
     
  • DOW

    35,061.55
    +238.20 (+0.68%)
     
  • CRUDE OIL

    72.17
    +0.26 (+0.36%)
     
  • GOLD FUTURES

    1,802.10
    -3.30 (-0.18%)
     
  • NIKKEI 225

    27,548.00
    +159.80 (+0.58%)
     
  • HANG SENG

    27,321.98
    -401.86 (-1.45%)
     
  • DAX

    15,669.29
    +154.75 (+1.00%)
     
  • CAC 40

    6,568.82
    +87.23 (+1.35%)
     

An email sent by One Medical exposed hundreds of customers' email addresses

·2-min read

Primary care company One Medical has apologized after it sent out an email that exposed hundreds of customers' email addresses.

The email sent out by One Medical on Wednesday asked to "verify your email," but one email seen by TechCrunch had more than 980 email addresses copied on the email. The cause: One Medical did not use the blind carbon copy (bcc:) field to mass email its customers, which would have hidden their email addresses from each other.

Several customers took to Twitter to complain, but also express sympathy for what was quickly chalked up to an obvious mistake. Some users reported varying numbers of email addresses on the email that they received.

To view this content, you'll need to update your privacy settings.
Please click here to do so.

https://platform.twitter.com/widgets.js

We asked One Medical how many customers had their email addresses exposed and if the company plans to report the incident to state governments, as may be required under state data breach notification laws, but we did not immediately hear back.

In a brief statement posted to Twitter, One Medical acknowledged the mistake, said: "We are aware emails were sent to some of our members that exposed recipient email addresses. We apologize if this has caused you concern, but please rest assured that we have investigated the root cause of this incident and confirmed that this was not caused by a security breach of our systems. We will take all appropriate actions to prevent this from happening again."

On the scale of security lapses, this one is fairly low down on the impact scale — compared to a breach of passwords, or financial and health data. But the exposure of email addresses can still be used to identify customers of the company.

The San Francisco-based One Medical, backed by Google's parent company Alphabet, went public last year just prior to the start of the pandemic.

Read more:

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting