by gorbachev 888 days ago
The security blunders are obviously horrible, but MAYBE explained by inexperienced developers tasked with something way beyond their understanding.

But how on earth did anyone approve storing confidential customer documents in an email account? This seems to indicate there's nobody in charge that understands anything about how to run this business. And if it's a subsidiary or outsourcing partner, it also shows that nobody has ever audited this business.

This is criminally negligent behavior from the company owners, and whoever is contracting them to do this work.

2 comments

> But how on earth did anyone approve storing confidential customer documents in an email account?

Given the competence shown here, I doubt anyone approved anything. Most likely saving sent mail was a feature of whatever mail server they're using and it was a byproduct of the dumb decision to use an actual account for a "noreply" address.

I saw a fairly large estate agency system that bcc’d every outgoing email from their system to a shared account everybody then synced to Outlook. It was part audit log, part debugging tool, part database backup.

They changed when they realised employees were taking all their customers’ details to new jobs.

The most salient element of this story is that it is business trade secrets (such as customer lists) that motivate enterprises far more than customer privacy.

A friend who's taken Visa's data confidentiality training several times notes that customer data is secondary to Visa's own marketing campaign details.