- QAnon-touting congressman sneaks ‘Epstein Didn’t Kill Himself’ into tweets Wednesday 7:12 PM
- Ocasio-Cortez met a famous drag queen–and the right melted down Wednesday 6:09 PM
- Woman says Lyft driver tried to kidnap her Wednesday 5:18 PM
- Debunking the right-wing conspiracy theories from today’s impeachment hearing Wednesday 4:29 PM
- Maroon 5 approves of the latest TikTok trend Wednesday 3:54 PM
- ‘One month left in the decade’ meme wants to know what you’ve accomplished Wednesday 3:53 PM
- Facebook Pay is the latest way to send your friends money Wednesday 3:31 PM
- Diving into ‘The Mandalorian’s first big shocker Wednesday 3:17 PM
- Disney+ will allow password sharing—to an extent Wednesday 1:12 PM
- Black server says manager refused to discipline coworkers who sent racist receipt Wednesday 12:47 PM
- Who is Jonah Hauer-King, Disney’s new Prince Eric? Wednesday 12:47 PM
- Cut Katherine Langford ‘Avengers: Endgame’ scene lands on Disney+ Wednesday 12:22 PM
- Planned Parenthood app to show abortion-seeking users their nearest options Wednesday 12:21 PM
- ‘The Imagineering Story’ offers touching insight into Walt Disney’s vision Wednesday 11:57 AM
- YouTube mom who was charged with child abuse dead at 48 Wednesday 11:39 AM
The personal information of more than half a million Australian blood donors has been leaked in a serious security breach at the Red Cross.
The hacked file is reportedly a back-up datasheet of submissions to a web-based contact form. Over 550,000 people who donated blood between 2010 and 2016 are on list, which also includes contact numbers and addresses.
The Australian Red Cross Blood Service held a press conference in Melbourne on Friday where chief executive Shelly Park explained the situation:
“We learned that a file, containing donor information, which was located on a development website, was left unsecured by a contracted third party who develops and maintains our website. The issue occurred due to human error. Consequently, this file was accessed by a person outside of our organization.”
The compromised archive file, which was online from Sept. 5 to Oct. 25, also includes the personal health details submitted by each individual into the inquiry form’s blood donor questionnaire. It’s this information that is most sensitive, such as whether the donor engaged in drug use, sex work, or gay sexual activity.
Red Cross was working with the cyber emergency response team and forensics experts at AusCERT to remove all known copies of the file, which was reportedly successful. Now, the forensics experts are attempting to trace who may have accessed and downloaded the archive before the vulnerability was realized. This kind of analysis is more time consuming and difficult.
Still, despite the third-party responsibility, it appears that the Red Cross is taking full responsibility for what has happened.
“We apologize, and we acknowledge that this is unacceptable,” Park said. “Our apology is unreserved. Donors have an expectation and a right to think that all of their information that they share with us is held accountably and responsibly.”
In context of health breaches, this is the biggest in Australia’s history. As data-rich entities, healthcare organizations are prime targets for hacks and data breaches. A study released in May of this year indicated that 90 percent of all healthcare organizations had suffered a compromise in the last two years, costing them an average of $2.2 million on each occasion.
Those who were notified that they were on the Red Cross’ leaked file have been warned to remain vigilant to scams, online or offline, that may utilize their personal information in phishing attacks for fraudulent purposes.
David Gilmour is a reporter who specializes in national politics, internet culture, and technology.