We have attached an easy guide on how to access your documents.Sadly, they also included another attachment along with the "easy guide on how to access your documents". It's a comma separated value file (csv) called thurs.csv which contains 3681 customer records detailing - amongst other things - names, phone number, email addresses and user IDs and passwords.
These include gov.uk accounts such as the Foreign and Commonwealth Office, the Audit Commission. and a large number of local councils. Someone using the details would, potentially, be able to login into the billing set-up for these organisations and gain detailed sensitive information.
I believe the phrase "whoops" applies.
I am currently trying to contact Demon about this, and have spoken to Microgen and waiting for a callback. I am still trying to establish if this cock-up occurred on the Demon or the Microgen side.
UPDATE: The above has been corrected as the "easy guide" was also attached and this file appears to be an additional attached file.
Update II @ 10:06am: Microgen are currently looking into this with Demon.
Update III @11:45: The Register is reporting that Demon are changing people's usernames and password.