Slashdot Mirror


Red Cross Blood Service Admits To Personal Data Breach Affecting Half a Million Donors (abc.net.au)

The personal data of 550,000 blood donors that includes information about "at-risk sexual behaviour" has been leaked from the Red Cross Blood Service in what has been described as Australia's largest security breach. From an ABC report: The organisation said it was told on Wednesday that a file containing donor information was placed on an "insecure computer environment" and "accessed by an unauthorised person." The file contained the information of blood donors from between 2010 and 2016. The data came from an online application form and included "personal details" and identifying information including names, gender, addresses and dates of birth, a Red Cross statement said. Red Cross Blood Service chief executive Shelly Park said "due to human error" the unsecured data had been posted on a website by a contractor who maintains and develops the Red Cross website.


  1. Translation. . . by Salgak1 · · Score: 1

    . . . somebody copied the database to a thumb drive, OR somebody emailed the file outside the corporate network. . .

    Or, the short version, somebody did something stupid that they were likely specifically told NOT to do in a security briefing that they either scanned or pencil-whipped. . . .

    1. Re:Translation. . . by Joe_Dragon · · Score: 1

      contractor who maintains and develops the Red Cross website.

      so they went with the low bidder overseas guys?

    2. Re:Translation. . . by jellomizer · · Score: 1

      Well this is the year 2016 where hackers are no longer the equivalent of a nuisance where their attacks were just a mild inconvenience. Today such breaches are serious and can affect people's lives. The Red Cross should have filled the USB ports with Glue and locked down the PCs to prevent some stupid person from accidentally leaking a major problem.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  2. Re:They won't take my blood by Frederic54 · · Score: 1

    Same in Canada, I was in France for 3 months in the 80s so I am permaban and cannot give blood, organs or tissues in Canada. Too bad for them as I am O+ and they made vaccine with my VZV immunoglobulin or something

    --
    "Science will win because it works." - Stephen Hawking
  3. Worse than Ashley Madison by GuB-42 · · Score: 2

    Blood donation forms typically include very sensitive questions like your number of sex partners, if it is not a clear "are you cheating?".
    With Ashley Madison, the mere presence of an account is a very weak proof of infidelity. In fact, considering the number of actual women present on the site, the chance of a husband cheating on his wife through this site is almost zero (unless bots count). But if you answer "yes" to one of the sensitive questions in a blood donor questionnaire, it can be considered a definite proof.

    1. Re:Worse than Ashley Madison by Oswald McWeany · · Score: 1

      Not true, at least in the US. It asks about paying for sex, travel, and man on man sex in the history. Not number of partners.

      That could still theoretically be bad for a man if he is married to a woman and answers yes to any of those questions.

      --
      "That's the way to do it" - Punch
    2. Re:Worse than Ashley Madison by Salgak1 · · Score: 1

      So . . .what you're saying is. . .

      "Wimmen, Dey Took Er Jerbs" ????

      (grin)

  4. Re:Jokes on the hackers! by Nidi62 · · Score: 1

    The Red Cross along with a select other few entities such as the NY Times still solicits my long dead grandfather once a year who passed back in the late 90s.

    Maybe they figure they can get more blood than normal from him since he's not using it anymore?

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  5. Doesn't make sense by bagofbeans · · Score: 4, Insightful

    Why would the website developer have access to the donor database?

  6. "due to human error"? by PJ6 · · Score: 2

    [...] the unsecured data had been posted on a website by a contractor who maintains and develops the Red Cross website.

    Sorry, but could someone please explain to me how is it even possible to do that accidentally?

    1. Re:"due to human error"? by Ol Olsoc · · Score: 1

      [...] the unsecured data had been posted on a website by a contractor who maintains and develops the Red Cross website.

      Sorry, but could someone please explain to me how is it even possible to do that accidentally?

      Hellary and the DNC did it on purpose. And Mexican rapists. And that Baldwin guy. And Megyn Kelly. And Muslims and Bill Maher.

      It all makes perfect sense now doesn't it?

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    2. Re:"due to human error"? by Ol Olsoc · · Score: 1

      Are you having a stroke?

      of genius - yes indeedy!

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  7. AUSTRALIA by denbesten · · Score: 1

    Neither TFA nor the summary makes it clear that this was just the Australia Red Cross. No indications so far that any other countries have suffered a similar breach.