Carbonite Privacy Breach Leads To Spam

richi writes "It looks like Carbonite, Inc. has been giving out customers' personal information. The company has admitted to giving customer email addresses to a third party, in direct contravention of its privacy policy. A company statement reads: 'Carbonite has discovered an advertiser misappropriated our e-mail list during the process of one of our e-mail marketing campaigns. When Carbonite launches an e-mail marketing campaign, it provides a suppression list to e-mail advertisers so that Carbonite customers do not receive promotion emails from Carbonite (since they’re already customers) and importantly, so that people who have opted out of receiving emails from Carbonite do not receive future email from us. This list was mishandled by an advertiser and we have taken immediate remedial efforts. As an online backup company, the security and privacy of our customer data is our top priority. We take all matters related to privacy very seriously. The matter will be addressed privately with the involved third parties and we will ensure that all customer e-mail addresses are permanently removed from their database.'"

This is news?

Anyone with a domain of their own knows most companies give out personal information either willingly or accidentally.

Sign up with accounts like facebook@yourdomain.com, slashdot@yourdomain.com, twitter@yourdomain.com (to pick a few) and you'll find two thirds of those get spam directly to it.

Sometimes it's days later, sometimes months or years, but its inevitable. Why is this news?

Re:Who was it?

[richi]

Richi Jennings, author of TFA here.

I have a couple of leads on the identity of the advertiser; I plan to name&shame once I have enough evidence.

However, as Bill rightly points out in his reply, it's Carbonite that's primarily to blame, for ignoring its own privacy policy.