550,000 Red Cross blood donor records leaked due to "human error"

Australian Red Cross Blood Service reports massive security breach

Hackers

A huge security breach at the Red Cross has resulted in the leak of half a million Australian blood donor records, including names, addresses and emails.

A backup file containing information on 550,000 blood donors was leaked as a result of human error, according to Australian Red Cross Blood Service chief executive, Shelly Park.

Advertisement - Article continues below

"We learned that a file, containing donor information, which was located on a development website, was left unsecured by a contracted third party who develops and maintains our website," said Park, in a press conference on Friday.

The file, which held results from a questionnaire that assessed donor suitability between 2010 and 2015, was then accessed by an 'unauthorised person'.

"The type of information included in the files include name, address, personal details that come about from completing our short questionnaire, which is a bit like a gateway to see whether people can go ahead to donate blood," said Park.

"I wish to stress that this file does not contain the deep personal records of people's medical history or of their test results. We are notifying donors as early as we believe we can, and we are notifying donors today," added Park.

Personal details such as date of birth, blood type, and country of birth were also included in the backup file. The Australian Red Cross admits it has "let down" its users.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"We are extremely sorry. We are deeply disappointed to have put our donors in this position. We apologise and take full responsibility for this. We acknowledge that this is unacceptable. Donors have an expectation and a right to think that all of their information that they share with us is held accountably and responsibly," said Park.

The breach was first discovered by security expert Troy Hunt, who was contacted by an unknown individual claiming to have data from the Australian Red Cross Blood Service.

To gain access to the records, the hacker had employed a relatively simple scanning method to look for vulnerabilities, according to Hunt.

"What he'd actually been doing is simply scanning internet IP addresses and looking for publically exposed web servers returning directory listings," said Hunt, in a blog post. "He'd then look to see if any of those files contained a .sql extension which would indicate a database backup... and that is all," added Hunt.

Cybersecurity experts have reassured the organisation that the risk of data being used maliciously was fairly low, however donors have been warned to be on the look out for email or phone scams.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/data-breaches/355056/vpnmentors-web-mapping-project-finds-more-exposed-military-files-via
data breaches

Printing company exposes 343GB of sensitive military data

20 Mar 2020
Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019

Most Popular

Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020