The personal data of over half a million blood donors across Australia has been leaked online, the Red Cross Blood Service confirmed on Friday.
According to security researcher Troy Hunt, the data was exposed after a Red Cross partner published a 1.74 GB database backup to a publicly facing website.
The file contained more than 1.2 million records for 550,000 blood donor applicants, including names, physical addresses, emails, phone numbers, dates of birth, blood type and previous donations.
Other highly sensitive personal data was also collected, such as whether or not applicants were taking antibiotics, if they had undergone surgical procedures and if they had previously engaged in “at-risk sexual behavior.”
“I believe this incident has the unenviable title of being Australia’s largest ever leak of personal data,” said Hunt in a blog post.
In response to the incident, the Australian Red Cross released a statement in which it attributed the massive leak to human error.
The organization noted that the information relates to individuals who donated between 2010 and 2016.
“We believe the archive was accessed on 24 October 2015, our forensic experts are confirming this,” read the statement.
“We have managed to have all known copies deleted and have removed the vulnerability from the third party service that develops and maintains the Blood Service’s website,” it added.
An Australian Red Cross Blood Service spokesperson said it was in the process of notifying affected donors as it continues to work with AusCERT, Australia’s emergency response team, and local authorities.
“We are deeply disappointed to have put our donors in this position,” the organization said. “We apologize and take full responsibility for this.”
Those who believe they may have been affected are advised to remain alert to email and phone scams.
For more information, visit the Australian Red Cross Blood Service website: http://info.donateblood.com.au/