A doneWebs partner that delivers email services, One.com, have informed us that a serious technical issue in their email system might have caused a data leak which could contain sensitive information. Such technical issues are unacceptable, and we are requesting assurances that appropriate steps are taken to ensure that such an incident does not occur again in the future. At this time, only two doneWebs customers have been identified as potentially impacted by the incident, but none have been confirmed. These customers have been informed about the incident, and we are working with them to ensure compliance with requirements under GDPR and other privacy legislation as part of our Legal Compliance service, which is included in all doneWebs subscriptions.

Our service partner provided the following statement:

On Monday February 22, from 10:38 to 13:13 CET our email platform experienced a technical issue affecting a small portion of email accounts.

A bug caused email addresses to not disconnect from our mail server after sending an email. This might have caused that the next sent mail was also sent to the previous recipient(s).

There is a risk that some email accounts may have been impacted, that has sent e-mails within this time-span. We can not be sure that mail-recipients are affected, but we ask you to consider this, especially if the e-mails sent are of a sensitive nature.

If the mails sent contains personal data, there are potential GDPR-requirements.

What does this mean for you?

Due to this unfortunate event, there are potential steps you need to take in regard to the GDPR (General Data Protection Regulation) regulation.

Since you are the domain owner (Data controller), we advise you to;

• assess if this incident needs to be reported to the appropriate data authorities in your country.
• assess if there is a high risk that the rights and freedoms of your customers (the data subjects) are in danger, and if so notify them.

Whether you need to report this will depend on the type of data included the e-mails sent and your local data authority’s guidance on GDPR Article 33 and Recital 85.

We are identifying which e-mails addresses that mail have been sent to and we are able to help with further information if you contact us.

We would like to give you our sincerest apologies for this situation. Customer privacy is and always will be our top priority. We take this situation very seriously and will do everything to make sure that this will be prevented in the future.