Full marks to the Dutch Data Protection Authority for reporting itself to itself after making a classic data boob. It spilled personal details and in the process breached the EU’s General Data Protection Regulation.

The Autoriteit Persoonsgegevens, as it’s known in Dutch, sent out an email titled “What does the Privacy Act mean to you?” The email was, wait for it… part of a campaign designed to raise awareness of Europe’s GDPR legislation.

The mail was sent to 38 journalists and editors with the aim of attracting press coverage. However, it exposed the email addresses of all the recipients by adding them to the mail as ‘cc’ rather than ‘bcc’ which hides email addresses.

Ok, it’s not exactly a data breach shocker, but this is an organisation charged with policing the data privacy activities of big beasts like Facebook, and Microsoft.

Journalists who received the email asked Autoriteit Persoonsgegevens whether it would report itself to itself.  It duly did. Though… tsk tsk, it wasn’t within the 72 hour time frame mandated by GDPR.

That said it is surely a good example of being transparent when private data accidently spills into the public realm. But there must be a few people within the organisation kicking themselves, or being kicked by others, for being a little too transparent in revealing the information in the first place.

Speak of unconventional moves a crypto currency company recently hacked its own system to prevent hackers from hacking its customers.

The company, Komodo, unauthorisedly transferred nearly 8 million of its crypto tokens and 96 Bitcoins from customers’ cryptocurrency wallets to a new address owned by the company.

Komodo didn’t tell its customers which must have caused some consternation if they checked their cryptocurrency wallets.

The company said it discovered a malicious open source, third-party JavaScript library that the company was using in its Agama Wallet app.

A few months ago the open source, third-party JavaScript library received an update from its anonymous author.

This is par for the course but the update included a secret backdoor in the new code designed to steal and send private key and other login passphrases to a remote server.

Upon discovering the vulnerability, Komodo used a similar password stealing technique against its users to gain access to as many affected wallets as possible and transfer customer funds to a safe wallet before hackers stole them.

Unusual? For sure. But Komodo customers must surely be happy.