Red Cross Blood Service admits to a data security breach

data-security-breachIt has been confirmed that the personal information of 550,000 blood donors has been leaked in what is described to be Australia’s largest data security breach. The data includes information about “at-risk sexual behaviour”.

On Wednesday, the organisation was told that the file containing the donor information was spotted in an insecure computer environment and accessed by an unauthorised person. The file consists of information about blood donors between the years 2010 and 2016.

According to the statement made by Red Cross, the leaked data includes names, genders, birth dates, and addresses.

Shelly Park, chief executive at Red Cross, commented that the data had been posted on an insecure website by one of their developers, citing human error as the culprit to blame. According to her Park’s understanding, all copies of the data have now been destroyed. Park has already issued an apology.

Troy Hunt, an independent security expert, said an anonymous Twitter user had contacted him on Tuesday morning, claiming to have the personal details of him and his wife. Later, the same user sent him a 1.74 GB file that included the data. According to him, he was never threatened or extorted by that user.

Hunt also noted that the data included a set of true-false eligibility questions, one of which asked the donors if they had taken part in at-risk sexual behaviour during the last 12 months.

The Red Cross Blood Service stated they are working with the Australian Cyber Security Centre and the Australian Federal Police to resolve the issue.