550,000 Australian blood donors have had their medical records leaked due to a breach of data security at the Red Cross, it has been reported today.
Data leaked include donors’ names, addresses and personal details required for blood donations.
The breach was first reported by Troy Hunt, an independent security expert, who was contacted by an anonymous source that provided him with his own personal blood donor details.
He was given access to the data set, “a 1.74GB file with 1,286,366 records in a ‘donor’ table”, describing it as the “largest ever leak of personal data” in Australia, he wrote in a blog post.
“The backup file contained 550,000 people, who completed a web form to access a donation between 2010 and 2016,” said Shelly Park, Australian Red Cross chief.
“The issue occurred due to human error. Consequently, this file was accessed by a person outside of our organisation” – a contracted web developer, she added.
“We have set up a hotline, website and email address to provide information for donors,” Park said in a statement. “It is vitally important that people who generously want to give blood are not deterred by this”, she continued.
The Red Cross Blood Service has since been in contact with the Australian Cyber Security Centre, the Australian Federal Police, and the Office of the Australian Information Commissioner on the breach.