This is an example of a small overlook that cause personal data breach that tarnish the brand.

A spokesman for Ikea Singapore said the incident occurred at 4.57pm last Thursday and that it “regretfully made an error of inserting 410 individual e-mail addresses in the ‘To’ field in an Ikea service delivery promotion e-mail sent to our customers”, making the e-mail addresses visible to all recipients of the mailer.

However, the second e-mail it sent to quickly notify affected customers about the leak and to apologise included an internal draft of the apology instead.

“In our haste to notify the customers as quickly as possible, we again made a mistake by sending half the recipients an internal draft of the apology notice instead, an oversight that we are embarrassed about,” Ikea said.

Ikea said it takes customers’ personal data integrity seriously and has notified the Personal Data Protection Commission of Singapore (PDPC)

Link to Article from Straitstimes.