The Metropolitan Police Service has apologised to more than a thousand victims of crime, after sending them each others' email addresses.
The force made the error when it emailed a survey to the crime victims, only to put their email addresses into the visible CC field rather than the hidden BCC field. A spokesman for the Met told ZDNet UK on Friday that 15 of the recipients complained about the data breach, although it is not yet clear whether any were formal complaints.
"The sharing of the data was the result of human error and occurred on Monday 30 January when the Crime Recording and Investigation Bureau (CRIB) project was emailing out a survey to ensure that victims were receiving a better service as part of the MPS creation of a single telephone investigation unit for London," the force said in a statement on Thursday.
A total of 1,136 emails went out in this manner, in seven batches of between 119 and 198 recipient each. Each person in a batch was able to see the email addresses of everyone else in that batch.
"No other personal details were revealed, and we are contacting everyone affected to explain what happened and to apologise," the Met said. "We are also reviewing our processes in relation to surveys of this kind to minimise the risk of similar mistakes being made in the future, and as a matter of course we have notified the Information Commissioner's Office."
The Information Commissioner's Office (ICO) told ZDNet UK on Friday that it was looking into the situation.
"We have recently been informed of a possible data breach which may involve the Metropolitan Police," the ICO said in a statement. "We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken."
Get the latest technology news and analysis, blogs and reviewsdelivered directly to your inbox with ZDNet UK'snewsletters.