Council in UK's City of York outs hundreds of disabled residents with a single email blunder

City of York Council mistakenly sent emails without using BCC, exposing the email addresses (and by association the disabled status) of hundreds of Blue Badge holders. The council activated its data breach procedures, is conducting a risk assessment, and the ICO has received a report and provided advice; there is no indication in the report that the breach was due to malicious activity or that data was actively exploited.