The Metropolitan Police Service has confirmed that it "inadvertently" shared the email addresses of more than a thousand victims of crime with other victims.
The breach, which took place on Monday 30 January, was blamed on human error.
A total of 1,136 emails were sent out in seven batches of between 119 and 198 recipients. The addresses were placed in the wrong box, which meant they were visible to all the other recipients in the batch.
No other personal details were shared in the blunder.
"The Crime Recording and Investigation Bureau (CRIB) project was emailing out a survey to ensure that victims were receiving a better service as part of the MPS creation of a single telephone investigation unit for London," MPS said in a statement.
It added that it is reviewing its processes to ensure that similar mistakes are not made in the future.
It has notified the Information Commissioner's Office (ICO) of the breach. The information watchdog has the power to fine organisations up to £500,000 for a serious data breach.