1.3 million personal and medical records leaked in Australia’s biggest data breach
How many victims? 1.28 million records
What type of information? Personal and medical information such as name, gender, physical and email address, phone number, date of birth, blood type and country of birth. It also contains sensitive data such as whether someone has engaged in high-risk sexual behaviour.
What happened? An anonymous source found a 1.74GB file containing 1.28 million donor records going back to 2010 on a publicly accessible website and notified Troy Hunt. The discovery was made via a scan of IP addresses built to search for publicly exposed web servers that returned directory listings containing .sql files.
What was the response? The Australian Red Cross has said that it had made contact with the Australian Cyber Security Centre and the Australian Federal Police and notified the Office of the Australian Information Commissioner of the data breach. “We are deeply disappointed this could happen. We take full responsibility for this mistake and apologise unreservedly,” said Jim Birch, chair, and Shelly Park, chief executive, of the Blood Service. “We would like to assure you we are doing everything in our power to not only right this but to prevent it from happening again.”
Quote: “With sensitive data often passing between multiple companies during partnerships and sales, it’s essential that organisations have a data-centric security strategy in place to ensure that data is secure wherever it goes,” Steve Murphy, Senior CP EMEA, Informatica, told SCMagazineUK.com.