A letter of apology has been emailed to the same users (using the same mailing list) The list has been copied (in case we need to reach out to these email addresses again) with a much more verbose alias. The original list has been destroyed.
Posted Nov 23, 2021 - 16:35 NZDT
Identified
It appears the actual mail burst was triggered from our mailing provider MailGun through a mail list we actually do have. It seems a user was added to the ticket that triggered this as a Participant with the email that happens to match the name of the mailing list – this in turn made MailGun to send the email to everyone (371 users) on this list.
Posted Nov 23, 2021 - 15:41 NZDT
Investigating
We have evidence that an unexpected/unauthorised email want out from our Jira Service Desk to many users, informing them that they have been added as Request Participants to a specific ticket in the Service Desk.
In fact they have not been added as participants, there seems to be no link with this ticket and any of the accounts the email has been sent to.