Email security firm deletes thousands of emails

An email security scanning company has accidentally deleted thousands of its customers' emails.

GFI, a Microsoft "gold certified partner", is now offering free upgrades to all its customers after it trashed their emails by sending out incorrect update information.

According to GFI, the problem occurred because of a change in BitDefender's technology, one of the products that GFI uses for its email scanning. When the GFI MailSecurity update mechanism tried to install BitDefender updates on customer networks, the service started to delete all emails by default. BitDefender and GFI then rolled back the updates.

A BitDefender spokesman said: "We've learned our lesson. From now on we'll try to give more support to our integration partners. The other companies that integrate our scanning engine did not have the same problem."

A reader of silicon.com's sister site ZDNet UK affected by the problem says a GFI salesman told him the update had not been tested.

Jeremy Whiteley, chief executive officer at Promarketing Gear, said: "We were pretty surprised this morning to find that all of the email which arrived overnight had been deleted. Even more troubling was the fact that, according to GFI's US sales manager, they released this update without testing it! I guess they expect me and my IT staff to play the role of tester, regardless of the cost to my business… We're reconsidering our reliance on GFI going forward."

GFI denied not testing the update, but apologised for the blunder and has promised all customers a free upgrade to its MailSecurity 9 product, which is available in two months' time. The company has also released a tool that can tell customers which emails were deleted and when.

Angelica Micalleff-Trigona, PR manager for GFI, said: "All our updates are tested before issue. Unfortunately, some changes had been made to BitDefender. We were not aware of this and we did not forsee this problem. We are deeply sorry for what happened. It took us by surprise."