Recently we have all become somewhat over-exposed to the leaking of customer data courtesy of inadequate security allowing hackers to gain access to databases. The LinkedIn LeakedOut leak and eHarmony dating data disaster are good examples of the genre. However, let's not forget that sometimes no hackers are required to make a security and privacy slip up. Sometimes the in-house folk are all that is required to kick-start an embarrassing data leak. And that's what appears to have just happened to an undisclosed number of Acronis customers who have been sent emails informing them that "a spreadsheet containing a few email addresses and upgrade serial numbers" had been indexed by search engines.

One customer who received the email from Acronis, a company which provides data backup software and services, was Mike Hall who called the fact that it still included a default signature stating that "Acronis does not supply customer information to any third party" to be something of an epic fail in the circumstances.

The email, which went out yesterday afternoon, and is signed by Ed Benack, Chief Customer Officer, Acronis Customer Central, blames an unspecified 'technical issue' for allowing a spreadsheet containing emails and upgrade serial numbers to be "indexed by the search engine" and assuring them that no additional data was leaked which could identify individual Acronis customer accounts or put them at risk of breach. Indeed, the email insists that the spreadsheet concerned was only searched for and downloaded by 14 people and insists "We have their IP addresses and we are working with their ISPs to notify them of this issue and to ask to delete the file". Good luck with that, but in the meantime Benack goes on to explain that the spreadsheet file has now been removed from the server, search engines contacted with a request to have the index removed (good luck with as well, Mr Benack) and notifications sent to all customers concerned.

Although the actual impact in terms of risk to customers here is miniscule as the error appears to have been picked up quickly and the data concerned inadequate to breach nay account security, it does leave me wondering just what the 'technical issue' was and whether it was simple human error or something more sinister. At the moment all we know is what that email tells us, namely that Acronis claim their database solutions are secure but this technical issue "made the spreadsheet have lower rights than it should have". Just as well the technical issue didn't hit a spreadsheet containing financial information, login information or something more of a security risk than email addresses then. It also makes the Acronis brand statement of taking "a more effective approach to managing your data protection and disaster recovery needs" a little less robust than it was before.

Acronis has apologised to customers for the inconvenience caused and offered them a complimentary upgrade to Acronis True Image Home 2012 by way of compensation.

At the time of writing nobody from Acronis was available for comment.

Here's that Acronis email in full: