More than 4,000 New Brunswickers who signed up for government-funded online training courses are being warned to keep a close eye on their email accounts after their email addresses were released.
Skillsoft, which develops and manages the professional courses the government offers to those looking to upgrade their skills through SkillsNB, sent an email Thursday offering assistance to people who had signed up.
The problem was it CCed everyone, which meant everyone's email address was visible to everyone else.
New Brunswick's privacy commissioner is investigating.
Skillsoft's vice-president of inside sales for North America, Chris Cummins, is apologizing for the privacy breach, calling it a "human error in the process."
The "email went out, emails were shared, we understood the root cause, we fixed the root cause so that it wouldn't happen again," said Cummins.
"And again, most of our users who did come to us, obviously slightly annoyed, understood the mistake, we apologized and we're fixing it going forward."
Cummins says the company received about 40 email complaints, and one person withdrew from its mailing list.
Skillsoft isn't issuing any cautionary email to its users, he said.
But Natalia Stakhanova, who holds the research chair in cyber security at the University of New Brunswick, says the more than 4,000 people affected should be on guard for suspicious emails in the weeks to come.
"I would suspect they would see more spam, and perhaps even phishing, more targeted phishing attacks coming," she said, referring to emails that attempt to elicit more personal information from users.
Privacy Commissoner Anne Bertrand declined to comment on the case, citing the ongoing investigation.
She did not provide any estimate for when her probe would be complete.
It's not unusual for businesses to contact thousands of customers at once, but they normally have email management software that blind carbon copies, or BCCs, everyone. That way, recipients only see their own email address, and no one else's.