Blood Donor Data Breach - IT Contractor leaks 550,000 personal records online.
The personal data including the addresses of more than half a million blood donors across Australia has been compromised in a massive security breach at the Red Cross, which has been blamed on human error.
Australian Red Cross Blood Service chief executive Shelly Park said at a press conference in Melbourne on Friday that the data had been accessed by an “unauthorised person”.
“We learned that a file, containing donor information, which was located on a development website, was left unsecured by a contracted third party who develops and maintains our website,” Park said.
“The issue occurred due to human error. Consequently, this file was accessed by a person outside of our organisation.”
She said access to the file had been shut down and that forensic experts were now helping the organisation with their investigation. The hacked file was a back-up of web-based inquiry forms that are submitted to the Red Cross blood donation webpage.
“The back-up file contained 550,000 people, who completed a web form to access a donation between 2010 and 2016,” she said.
“The type of information included in the files include name, address, and personal details that come about from completing our short questionnaire, which is a bit like a gateway to see whether people can go ahead to donate blood.