Glassdoor is facing a class-action lawsuit after the company review site accidentally revealed the email addresses of more than half a million of its users.

Glassdoor issued an email update that mistakenly included customer contact information. Customers’ email addresses were visible in the cc line of the email, as opposed to being confidentiallyhidden in the bcc line.

The emails were sent in multiple batches of people containing 1,000 email addresses each, allowing every recipient to view 999 additional Glassdoor users’ emails.In total, 600,000 email identifications were released exposing 2% of Glassdoor’s 30 million monthly active users.

“We are extremely sorry for this error,” the company statedin its apology online. “We take the privacy of our users very seriously and we know this is not what is expected of us. Itcertainly doesn’t live up to our own expectations of who we are and what we represent. We will do better.”

The gaffe is not only an embarrassment for Glassdoor, but might bepotentially damaging for a company that touts its anonymous forum of company reviews as a safe place for professionals searching for new job opportunities.

Although no additionalinformation was exposed and Glassdoor did not reveal corresponding names, many email addresses obviously point to its ownership.

As a result of the privacy negligence, a lawsuit has beenfiled by Geragos & Geragos on behalf of affected Glassdoor users. Citing the Federal Stored Communications Act, the law firm is requesting damages for all exposed individuals.

Ironically,the email that exposed Glassdoor users was an update to the company’s terms and conditions and included a provision forbidding users from filing class-action lawsuits.