I don't usually send emails like this, especially to such a large recipient list, but I do feel this is necessary since we are all affected by the same problem. The difference is, on this email, I put all of the recipients in the BCC field, so you won't be able to see each other.
Unfortunately, Kondor do not have to meet our orders, however unfair this may seem. Due to their terms and conditions, the legally-binding contract isn't actually in place until the third email is received. The first email we all received was simply an order acknowledgement, not an order acceptance.
Kondor are well within their rights to do this to prevent problems such as this one, and nearly every company has a similar clause in their terms and conditions. They needn't have even sent us all an email to explain why the orders were cancelled, since the order wasn't actually in place whatsoever.
Whilst it was unfair not to supply the products, Kondor have been in clear breach of the Data Protection Act, which is in place to ensure our personal details are kept fairly and safely. One of the clauses of the act is that information must be kept "Secure" and be used for "Limited purposes". We supplied our details to Kondor for them to process our order, not to send it to every Tom, Dick or Harry that has placed a similar order.
This serious breach should definitely be reported to the Information Commissioner's Office, who are in charge of enforcing the Data Protection Act. Reporting it to the BBC or someone will not have as much effect as the ICO. To report this to the ICO, please do so via one of the following methods:http://www.ico.gov.uk
or 01625 524510
Many people who received the email will have viruses on their computers, many of which harvest email addresses and use them to send the common spam emails. It is very likely that your email address has been harvested by one of these viruses, and the amount of spam emails you receive will increase in the future.
Kondor should definitely have legal action taken against them for such a serious breach of the Data Protection Act, but this can only happen if the ICO receive sufficient complaints.