A group email recently sent by DePaul University reportedly exposed the names and email addresses of 656 employees who had completed the school’s wellness program.

According to Crain’s Chicago Business, the Chicago-based private university sent congratulatory emails to faculty members last Dec. 14, but neglected to use the “blind copy” feature. Consequently, recipients’ names and email addresses were visible to each other.

“This is information we simply did not intend to share, and as a result we would kindly request that you delete the email,” DePaul University reportedly told affected individuals in a notification email.” Going forward, we will be taking steps to prevent any recurrence, including automating future emails on this subject. In the meantime, given the very limited content in the email, we have no reason to believe that the information shared creates any risk of identity theft or other harm and therefore do not believe you need to take any further steps at this time.”

Crain’s also noted that DePaul reported the incident to the U.S. Department of Health & Human Services.