Red Cross Blood Service Admits To Personal Data Breach Affecting Half a Million Donors (abc.net.au)
The personal data of 550,000 blood donors that includes information about "at-risk sexual behaviour" has been leaked from the Red Cross Blood Service in what has been described as Australia's largest security breach. From an ABC report: The organisation said it was told on Wednesday that a file containing donor information was placed on an "insecure computer environment" and "accessed by an unauthorised person." The file contained the information of blood donors from between 2010 and 2016. The data came from an online application form and included "personal details" and identifying information including names, gender, addresses and dates of birth, a Red Cross statement said. Red Cross Blood Service chief executive Shelly Park said "due to human error" the unsecured data had been posted on a website by a contractor who maintains and develops the Red Cross website.
Blood donation forms typically include very sensitive questions like your number of sex partners, if it is not a clear "are you cheating?".
With Ashley Madison, the mere presence of an account is a very weak proof of infidelity. In fact, considering the number of actual women present on the site, the chance of a husband cheating on his wife through this site is almost zero (unless bots count). But if you answer "yes" to one of the sensitive questions in a blood donor questionnaire, it can be considered a definite proof.
Why would the website developer have access to the donor database?
[...] the unsecured data had been posted on a website by a contractor who maintains and develops the Red Cross website.
Sorry, but could someone please explain to me how it is even possible to do that accidentally?