In reply to hang_about:
> Sounds like the former - there's a package of business tools and this was implemented by default.
Then it's certainly a failure of duty of care; developers of 'secure systems' handling confidential information should be checking that their system is not bypassing that security, and leaking information.
it's bloody disgraceful; they need to be prosecuted.