Personal Details of 550,000 Blood Donors Leaked

08/11/2016

It’s been confirmed that the personal data – including names and addresses – of over half a million blood donors across Australia have been compromised in a huge security breach. The breach at the Red Cross has been blamed on human error.

Each week in Australia, 25,000 patients need blood donations to either save or improve their lives. It’s feared the recent cyber-attack could impact the number of donors using the Red Cross’ service moving forward, resulting in blood shortages for ill patients around the country.

Shelly Park, Australian Red Cross Blood Service Chief Executive, confirmed that the data had been accessed by an “unauthorised person” outside of the organisation. She explained, “we learned that a file containing donor information, which was located on a development website, was left unsecured by a contracted third party who develops and maintains our website.”

She continued, explaining that access to the file had been shut down and that forensic experts were now helping the organisation with their investigations. The hacked file was a back-up of a web-based enquiry form that’s submitted to the Red Cross blood donation webpage.

“The issue occurred due to human error. The back-up file contained 550,000 people, who completed a web form to access a donation between 2010 and 2016. The type of information included in the files includes names, addresses and personal details required when completing our short questionnaire, which is a bit like a gateway to see whether people can go ahead to donate blood.”

The Red Cross have stressed that the hacked file didn’t contain “deep personal records” of people’s medical history or their test results. However, donors have been promptly notified of the breach by the organisation via text message. They’ve also publicly apologised, saying they have “let down” their valued donors.
