UK-based rail operator c2c exposed its email list last week when sending a mass communication to its list without bccing the recipients. The email was sent to 543 customers alerting them to a delay in the system's repay pilot program. Instead of bccing the list, the operator cced everyone on the list, therefore exposing the email addresses of everyone involved.