Payroll services company ADP Australia has inadvertently made a marketing email list accessible on the internet, exposing its customers to spam and phishing messages.
The list, which ADP said was dated 2007, was being used at the time to send out ADP client newsletters. The company said the list only contained email addresses and that no names, addresses or other details had been exposed.
ADP declined to comment on how the list was exposed to the internet or the format in which it was made available.
When the company discovered the information had been leaked, its managing director Richard Watson wrote to affected customers stating "we do not have reason to believe that your email address will be misused as a result of this incident", but conversely warned that "you may receive an increased number of spam or phishing messages".
The company told ZDNet Australia that the leak was a stand-alone incident and that as soon as it was made aware of the issue, it immediately investigated and implemented measures to ensure the information was removed. However, it declined to comment on what those measures may be or ultimately how many of its clients were affected.