Australian Red Cross Leaks Info of Half a Million Blood Donors

The personal data of 550,000 blood donors was leaked online because of a human error.

The Australian Red Cross Blood Service said a third party that maintains its website placed a file with donor information in “an insecure environment.” The data may have been available online from Sept. 5 through Oct. 25. The organization was notified by a “person scanning for security vulnerabilities,” who informed the Australian Cyber Emergency Response Team, or AusCERT.

The data included names, addresses and dates of birth, according to the Red Cross. Troy Hunt, who runs the data-breach cataloging site Have I been pwned, wrote his information was compromised and it included more sensitive details, such as blood type and donor eligibility answers.  

“Each donor is asked questions such as whether or not they're on antibiotics, if they're under or overweight and if they've had any recent surgical procedures," Hunt wrote. “They're personal questions, no doubt, but one of them particularly stands out in terms of sensitivity: In the last 12 months, have you engaged in at-risk sexual behaviour?”

The Red Cross statement says all known copies of the data have been deleted and it will continue to work with AusCERT.