A csv file was uploaded with course codes in the email column instead of an email address. As a result multiple accounts were created with the same course code as their email. They did error as duplicate emails. The setting under Admin > Plugins > Authentication > Manage authentication for "Allow accounts with same email". This is not set, so accounts with duplicate emails are not allowed. However, existing user emails were overwritten with the course code and new accounts created with invalid email data.