Guide to Giving
MEDIA, JOBS & RESOURCES FOR THE COMMON GOOD
NEWS  |  Leadership

Half a Million Red Cross Donors’ Personal Data Leaked


Friday, 28th October 2016 at 4:14 pm
Ellie Cooper, Journalist
The personal information of 550,000 Australian Red Cross blood donors has been leaked in what has been described as the country’s largest data breach.


Friday, 28th October 2016
at 4:14 pm
Ellie Cooper, Journalist


0 Comments


FREE SOCIAL
SECTOR NEWS

 Print
Half a Million Red Cross Donors’ Personal Data Leaked
Friday, 28th October 2016 at 4:14 pm

The personal information of 550,000 Australian Red Cross blood donors has been leaked in what has been described as the country’s largest data breach.

The Australian Red Cross Blood Service said it became aware on Wednesday that an online file containing donor information was placed in an “insecure environment” and accessed by an “unauthorised person”.

The file contained the information of more than half a million donors from 2010 to 2016. It formed  part of an online application to give blood, and included names, addresses, dates of birth and other personal details.

Blood Service chief executive Shelly Park apologised to donors on Friday, and said the organisation was endeavouring to contact all people who made an application to be a blood donor using the DonateBlood website.

“We are incredibly sorry to our donors. We are deeply disappointed this could happen. We take full responsibility and I assure the public we are doing everything in our power to not only right this but to prevent it from happening again,” Park said.

“We have set up a hotline, website and email address to provide information for donors.

“It is vitally important that people who generously want to give blood are not deterred by this – every Australian may need a blood transfusion at some time and we hope people will continue to make their contribution and to feel confident that their personal details will be protected.”

The Red Cross was alerted to the breach by the Australian Cyber Emergency Response Team (AusCERT), following a tip off from independent security researcher Troy Hunt.

In his blog Hunt explained he was contacted on Tuesday by someone who claimed to have his personal information from the DonateBlood website.

“He provided me with a snippet to prove it – a snippet of my own data,” Hunt said.

“There was my name, my email, gender, date of birth, phone number and the date I’d last donated.

“He then provided me with the entire data set… I checked my wife’s record and found all the same info as I had albeit across nine different records, reflecting the different occasions she’d donated.

“There was no doubt in my mind that this data was legitimate.”

He said he chose to contact AusCERT, rather than go directly to the Red Cross.

Hunt deleted his copy of the data, and the Red Cross said, to their knowledge, all known copies had been deleted.

Park also said the online enquiry forms did not connect to the organisation’s secure databases, which contain more sensitive medical information.

Investigations are continuing and the Red Cross has been in contact with federal police and the Australian privacy commissioner.

“The Australian Red Cross Blood Service has advised my office of a data breach from the DonateBlood website,” the privacy commissioner said.

“In doing so, Red Cross has provided details of what occurred and steps taken to contain the breach. I welcome their prompt actions to prevent any further disclosure of this highly sensitive personal information.

“My office encourages voluntary notification of data breaches, particularly where there is a risk to an individual as a result of a breach.

“I will be opening an investigation into this matter and will work with the Red Cross to assist them in addressing the issues arising from this incident. The results of that investigation will be made public at its conclusion.”

Anyone with privacy concerns can contact the Red Cross Blood Service through a dedicated hotline or the privacy commissioner via enquiries@oaic.gov.au or on 1300 363 992.


Ellie Cooper  |  Journalist |  @ProBonoNews

Ellie Cooper is a journalist covering the social sector.

Anglicare

FEATURED SUPPLIERS


Established in 1998, StreetFleet is a 100% Australian owned ...

Streetfleet

Helping the helpers fund their mission…...

FrontStream Pty Ltd (FrontStream AsiaPacific)

Star enables change within organisations specifically throug...

Star Business Solutions

We are a premium Event Production agency with over 16 years ...

Vanilla Bean Events

More Suppliers

Get more stories like this

FREE SOCIAL
SECTOR NEWS

YOU MAY ALSO LIKE

Civil Voices Survey Takes the Temperature of Not for Profit Advocacy

Wendy Williams

Thursday, 17th August 2017 at 8:37 am

Five Tips For Making Your Approach To Corporates A Success

Martyn Ryan

Wednesday, 9th August 2017 at 12:02 pm

Downside of Linear Thinking and Why We Need to Embrace Failure

Vu Le

Monday, 7th August 2017 at 1:42 pm

Good Governance in the Not-for-profit Sector is Paramount

Elizabeth Proust

Monday, 7th August 2017 at 1:27 pm

POPULAR

Social Impact Investments Could Address Housing and Homelessness

Rachel McFadden

Tuesday, 8th August 2017 at 8:16 am

Govt Releases Social Impact Investment Principles

Lina Caneva

Wednesday, 9th August 2017 at 4:12 pm

Civil Voices Survey Takes the Temperature of Not for Profit Advocacy

Wendy Williams

Thursday, 17th August 2017 at 8:37 am

Federal Govt Extends Advocacy Funding – States Called on to Follow Suit

Lina Caneva

Wednesday, 9th August 2017 at 4:02 pm

Write a Reply or Comment

Your email address will not be published. Required fields are marked *


Guide to Giving
pba inverse logo
Subscribe Twitter Facebook

The social sector's most essential news coverage. Delivered free to your inbox every Tuesday and Thursday morning.

You have Successfully Subscribed!