Addressing the EthCC Student email incident

WHAT HAPPENED

On the 28th of March 2023 around 1pm CET, one of our employees sent two emails (a) and (b) to the candidates of our Student program:

(a) One email to the 200 email addresses that were selected in the program

(b) One email to the 300 email addresses that were not selected in the program

In both emails, the recipient addresses were added in CC (Carbon Copy) instead of bCC (Blind Carbon Copy) thus making the complete list of email addresses readable for the other recipients of the respective email. Therefore:

• If you have been selected in the program, your email address has been mistakenly shared with the 200 other addresses selected in the program
• If you have not been selected to the program, your email address has been mistakenly shared with the 300 other addresses that were not selected in the program

We deeply apologize for any inconvenience caused by this human mistake. Our colleague in charge of those emails did not follow the correct procedure to send the emails which led to this situation.

WHAT PERSONAL INFORMATION WAS INVOLVED?

In both emails (a) and (b), only the email addresses of the individuals were mistakenly shared to the other participants of the program, respectively 200 and 300 other individuals.

WHAT WE WE HAVE DONE AND WHAT WE ARE DOING

The same day in the evening, on the 28th of March, we notified the CNIL, the French Data Protection Authority which ensures that data privacy law is applied to the collection, storage, and use of personal data for the email leak of both emails (a) and (b). We are actively monitoring for evidence of the database being sold on the internet, and have found none thus far.

In seven years of organizing EthCC we have never been in such a situation. EthCC has been organized every year without interruption by the community and for the community through Ethereum France, a non profit organization based in France. This is the first time for us and we take the matter seriously.

We acknowledge this leak is both troublesome for the people affected and a dent in our reputation. We will do everything possible in the future to make sure it will not happen again. Do note that after each EthCC we purge our data storage of any personal information and will continue to apply best practices in that respect. If you want to read about our Privacy Policy and understand what we do with your data, please click here.

The whole Ethereum-France team sincerely apologizes for the inconvenience that this human error caused.