Britain's information watchdog is considering action against the Metropolitan Police after more than 1,000 email addresses of victims of crime were disclosed.
Scotland Yard admitted that it "inadvertently shared the email addresses of a number of victims of crime with other victims" in what may be a breach of data protection laws.
The force blames human error for the disclosure, which occurred on 30 January.
"In total 1,136 emails were sent out in seven batches of between 119 and 198 recipients but because the addresses were put in the wrong box they were visible to the other recipients in the batch," said a statement.
"No other personal details were revealed and we are contacting everyone affected to explain what happened and to apologise."
It also said it would launch a review to prevent something similar happening in the future.
"We have recently been informed of a possible data breach which may involve the Metropolitan Police," said a spokeswoman for the Information Commissioner's Office (ICO)."
The ICO can dish out fines of up to £500,000 for data breaches, as well as launch prosecutions.