Security/GDPR Breach

[Hoppinggreen]

I do some Freelance work online for a large PS organisation. What I do has to be confidential, I am not allowed to let anyone see what I am doing. My family know WHAT it is but not the specific people involved as it could be dangerous for them.
Everyone who does my job has to be Security cleared. There have been some changes handled very badly with contradictory emails sent out which is a bit annoying and takes up a bit of my time to sort but no biggie.
I had an email yesterday concerning a training update with over 100 emails CC'd in, presumably other Freelancers who do my job and I am assuming it was supposed to be BCC as normal.
I imagine they know by now but I have had nothing else from them.
I mentioned it to DH (also security cleared but not involved and I haven't shown him the email) and he says that its VERY serious and I should report it. I thought it was a GDPR issue but DH says its a Security Breach which is far more serious
Should I and to who?
Its obviously just a cock up by someone who will no doubt get a slapped wrist at least so I am inclined to do nothing
Other opinions welcome

The sender is a generic email and I have no idea how to contact the Data protection person as I explained.
I was wondering if anyone had any advice on what to do if anything.
I have taken advice given and emailed the mailbox the email came from
Thats why I turned to Mumsnet on this, if it was as simple as you suggest I would have done that instead

You must have some sort of contact within the organisation (else how fo you get work?) - ask them?

So contact HR regarding something that’s not an HR responsibility, because they’re accessible? That’s like suggesting that HR is the secretarial/admin function for an organisation. If you need signposted to the right team, it’d make more sense to contact their customer service function, or their generic contactus @ thispublicsectororg.gov.uk email address, surely?

Anyway, since it’s public sector, their website is almost certainly going to provide a contact for their DPO or information governance team.

Do you always know the answer to everything? There's never been an instance where you needed to turn somewhere to get guidance on a new situation? Lucky you!

Yes, because certainly at our HR, they know the company inside out and know who is responsible for what. They also know the seriousness of such issues, and the urgency of getting things passed to the right person asap.

It comes from an allocations email we can't respond to but I have now emailed the mailbox the training update that made all the emails visible from.
I have said what I have done several times now

This is why I said HR

finding a data contact in a PS organisation is a task in itself.

@Hoppinggreen the PS company must have a privacy policy that you have to adhere to. Find this and you should find within it the contact details for the DPO.

Ar