City of York Council accidentally exposed the email addresses of hundreds of Blue Badge holders by sending messages without using blind carbon copy (BCC). Because the list was for Blue Badge-related communications, recipients could also infer that others on the list were disabled or had mobility impairments, making the breach especially sensitive. The council said it triggered its breach procedures and warned recipients to watch for suspicious messages; the UK Information Commissioner's Office said it received a breach report and closed the case with advice.
Why it matters: This is a meaningful privacy breach because it exposed not just contact details but sensitive status information about disabled residents. Affected people should be alert for phishing or harassment, and public-sector organizations should review bulk-email controls and handling of special-category personal data.
2026.06.05
This article establishes a distinct local-government data breach event involving City of York Council's mistaken disclosure of Blue Badge holders' email addresses and inferred disability status.