Australian Red Cross hit by biggest data breach in the country

1.3 million personal and medical records leaked in Australia’s biggest data breach

Australian Red Cross Logo

How many victims? 1.28 million records

What type of information? Personal and medical information such name, gender, physical and email address, phone number, date of birth, blood type and country of birth. It also contains sensitive data such as whether someone has engaged in high-risk sexual behaviour.

What happened?  An anonymous source found 1.74GB file containing 1.28 million donor records going back to 2010 on a publicly accessible website and notified Troy Hunt. The discovery was made via a scan of IP address built to search for publicly exposed web servers that returned directory listings containing .sql files.

What was the response?  The Australian Red Cross has said that it had made contact with the Australian Cyber Security Centre and the Australian Federal Police and notified the Office of the Australian Information Commissioner of the data breach. “We are deeply disappointed this could happen. We take full responsibility for this mistake and apologise unreservedly,” said Jim Birch, chair and Shelly Park, chief executive of the Blood Service. “We would like to assure you we are doing everything in our power to not only right this but to prevent it from happening again.”

Quote: “With sensitive data often passing between multiple companies during partnerships and sales, it’s essential that organisations have a data-centric security strategy in place to ensure that data is secure wherever it goes,” Steve Murphy Senior CP EMEA, Informatica told


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s