Experts Reacted On News That Micropayments Company Coil Exposed Hundreds Of Customer Email Addresses

Micropayments company Coil emailed users its new privacy policy but, in error, put hundreds of users' email addresses in the "To:" field, breaching their privacy.

Coil has become aware of the incident and sent an apology email with the subject line "Please forgive us".

More on that story here: https://www.theregister.com/2020/11/17/coil_email_data_breach/

Expert Comments

November 17, 2020
Ilia Kolochenko
Founder and CEO
ImmuniWeb
I think security risks stemming from this particular incident range from low to zero. Emails, abstracted from other PII that was reportedly not affected in any manner, are of no value for cybercriminals who enjoy billions of compromised records with full stacks of highly sensitive data being accessible on the Dark Web. Moreover, emails can frequently be found on Google or even on corporate websites. Furthermore, given that the emails are only disclosed among a limited number of the affected users, it is unlikely any regulators will have strong enough interest to intervene and are more likely to issue a warning at best. Likewise, victims are highly unlikely to have an actionable legal claim under the circumstances, and even less likely to obtain monetary compensation. Obviously, the surrounding context of this regrettable incident is pretty unusual and embarrassing, but no one is immune from human error. Probably, many of the affected people were working for or supporting an organization that had committed a similar mistake in the past: there is nothing you can do to entirely eliminate the human factor. I do understand the rage of the affected users; however, any propagation of the disclosed emails to third parties or sharing of them on social networks may trigger legal ramifications for them. I think the company and the affected users will find a mutually acceptable settlement soon and turn the page.
