Hundreds of thousands of Australians may have given more than just a pint of blood. The private data and medical records of 555,000 Red Cross blood donors has leaked online, potentially the largest data breach in the country’s history.
According to CRN, a file containing donor records dating back to 2010 has been published on a public facing site, putting hundreds of thousands of people in potential danger. Information like names, addresses, date of birth, blood type and sensitive questionnaire information like health habits have been leaked.
The Red Cross said the file was placed in an insecure environment by a third party that develops and maintains the Blood Service’s website. A human error caused the database backup containing the private data to be exposed, according to CRN. (This may be a good time to check out Datto’s Cybersecurity Toolkit.)
The Australian Red Cross issued a statement accepting full responsibility for the mistake and claim they are taking the proper measures to correct the blunder and prevent it from happening again. Consumers can also find frequently asked questions, categories of data in the breach, and updates on the Red Cross site.