Energy firm E.On has apologised after including hundreds of customers’ email addresses in requests for their meter readings.
The emails should have been sent to individuals only, but included another 497 recipients due to a “system error” with the automated service, E.On said.
The company also said the incident was spotted “within 4 minutes” of being sent.
Customers have warned they may inform the UK’s data watchdog for being in breach of GDPR regulations.
E.On has released a statement apologising for the error, “which happened when an email was sent to a limited group of customers requesting meter readings”.
The energy supplier also added that no account information or financial details had been included, and that it was talking with customers affected and those raising concerns about the sharing of details.
“An internal investigation is under way, and the appropriate authorities will be notified where required,” E.On said.
Tony Pepper, founder of cyber-security firm Egress Technologies, said E.On has a duty of care to protect customers information from falling into the wrong hands.
“Although at this stage it seems unlikely that any harm will come to the individuals as a result of this breach, E.ON has a duty of care to protect such information from any risk of falling into the wrong hands, so it will be interesting to see what they intend to do to resolve the slipup,” he said.
“This is a simple but sometimes devastating mistake to make,” he added. “This is a cautionary tale for any organisation that frequently relies on the Bcc field when communicating with customers, clients and service users.”