Red Cross Admits Fault After A Bloody Leak Of 550K Aussie Donors’ Data

The Red Cross Blood Service has issued an apology after sensitive details regarding as many as 550,000 donors were found on an unprotected IT system, in what could constitute the largest locally-based data leak ever recorded.

According to cyber security expert Troy Hunt, information including the full names, genders, physical addresses, email addresses and phone numbers of Australians who donated between 2010 and 2016 was uncovered earlier this week.

Hunt confirmed the legitimacy of the data by saying he found his own personal details in the leak.
Perhaps most worryingly, Hunt says sensitive information regarding donors’ sexual activity and possible recreational drug use was also left unsecured. 
In response to the leak, Red Cross Blood Service chief Shelly Park apologised to donors, saying “we are deeply disappointed this could happen.

“We take full responsibility and I assure the public we are doing everything in our power to not only right this but to prevent it from happening again.”
The information was uploaded to a database backup on an unsecured site, run by a third party contracted by the Blood Service. 
Hunt, who runs an online security breach notification service, was alerted to the breach by the very person who claims to have found the unsecured details. He says the individual agreed to delete their copy of the 1.74GB file, and Hunt claims to have done the same.
As such, the Blood Service says “to our knowledge all known copies of the data have been deleted” and that there’s a low chance of the information being misused in the future, but they’re still looking into the issue.
While Hunt seriously questioned the integrity of Red Cross Blood Services’ IT security protocols, he praised the Blood Service for their response after the leak came to light, and has encouraged would-be donors not to be dissuaded from donating to the legitimately vital service. 

He says “it’s going to cost them money, it’s bad publicity and there’s a real chance that people may actually feel less inclined to give blood,” but he’s booked a donation appointment for Monday regardless. 

“I don’t like that my data was exposed in this way but let us not lose focus on life’s bigger issues.”
If you’re concerned that your information may have been included in the leak, the Blood Service has set up a hotline at 13 95 96. 

Source: Sydney Morning Herald Red Cross Blood Service / Troy Hunt.
Photo: @aitokirai / Instagram.

More Stuff From PEDESTRIAN.TV