Information Age: News, analysis & insight for IT & business leaders

A mailing list belonging to the BBC was obtained by spammers and used to sell Viagra and Cialis

A BBC email list of people who had signed up to receive information on next month’s Electric Proms music festival has been hijacked by hackers and used to send spam for anti-impotence medication.

Conservative MP John Whittingdale of the Commons Culture Committee described the incident as “very serious” and criticised the broadcaster for compromising its “reputation of integrity and trust”.

"The idea that the BBC, albeit inadvertently, could be used to distribute potentially harmful e-mails which could lead to ID theft is something that I expect them to take very seriously indeed,” he said.

Managing director of corporate security firm GSS, David Hobson, said the breach could threaten the security of businesses where employees had used their business email addresses.

"Whilst it's likely that many of the people who signed up to this list were using their personal email addresses, it's a sure-fire bet that some were using their business addresses,” he said.

“If one or more members of staff at a company had signed up to the BBC mailing list in question, then that employee has effectively opened the company's IT resource up to a spam and/or malware attack. Granted, the end result is outside of the staffer's control, but it does explain why staff should not use their company mailboxes for personal messages,” he concluded.

A BBC spokeswoman blamed the incident on an “administrative error”, adding “we wish to assure all subscribers that no details have been passed on to third party companies and all the data held on our systems is completely secure.”

However this is not the first time the national broadcaster has been drawn into the data protection controversy. A contractor working for the BBC recently lost a laptop containing the personal details of 250 children who had signed up to appear in a television show.