Yarra Trams

Yarra Trams, Melbourne's tram network operator, exposed email addresses of thousands of commuters in a data breach caused by a configuration error in their email system.

What Happened

An error in Yarra Trams' email system resulted in commuters' email addresses being inadvertently exposed to other recipients. The breach occurred when a bulk email was sent using a method that revealed all recipient email addresses rather than using blind carbon copy (BCC) to protect privacy.

Impact on Individuals

The exposure of email addresses created a risk of spam, phishing attempts, and unwanted communications for affected commuters. While limited to contact information only, the breach violated commuters' expectations of privacy when providing details to the transport operator.

Organisational Response

Yarra Trams acknowledged the data breach and took steps to ensure the error would not be repeated. The incident highlighted the importance of proper email handling procedures for organisations managing large customer databases.