It’s been confirmed that the personal data – including names and addresses – of over half a million blood donors across Australia have been compromised in a huge security breach. The breach at the Red Cross has been blamed on human error.
Each week in Australia, 25,000 patients need blood donations to either save or improve their lives. It’s feared the recent cyber-attack could impact the number of donors using the Red Cross’ service moving forward, resulting in blood shortages for ill patients around the country.
Shelly Park, Australian Red Cross Blood Service Chief Executive, confirmed that the data had been accessed by an “unauthorised person” outside of the organisation. She explained, “We learned that a file containing donor information, which was located on a development website, was left unsecured by a contracted third party who develops and maintains our website.”
She continued, explaining that access to the file had been shut down and that forensic experts were now helping the organisation with their investigations. The hacked file was a back-up of a web-based enquiry form that’s submitted to the Red Cross blood donation webpage.
“The issue occurred due to human error. The back-up file contained 550,000 people, who completed a web form to access a donation between 2010 and 2016. The type of information included in the files includes names, addresses and personal details required when completing our short questionnaire, which is a bit like a gateway to see whether people can go ahead to donate blood.”
The Red Cross have stressed that the hacked file didn’t contain “deep personal records” of people’s medical history or their test results. However, donors have been promptly notified of the breach by the organisation via text message. They’ve also publicly apologised, saying they have “let down” their valued donors.