“On 26 October 2016 the Australian Red Cross Blood Service became aware a file containing donor information was placed in an insecure environment by a third party that develops and maintains the Blood Service’s website. This file contained registration information of 550,000 donors made between 2010 and 2016. Included in the file was information such as names, addresses and dates of birth.
This information was copied by a person scanning for security vulnerabilities who then, through an intermediary, informed the Australian Cyber Emergency Response Team (AusCERT) with whom the Blood Service has membership.
With assistance of AusCERT, the Blood Service took immediate action to address the problem. The Blood Service has been in communication with the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
IDCARE, a national identity and cyber support service, has assessed the information accessed as of low risk of future direct misuse.”