The personal data of more than half a million blood donors has been accessed by an unauthorised person after a security breach at the Red Cross.
The organisation is trying to contact 550,000 donors who have had the security of their personal information compromised.
The Red Cross said it had been made aware that a file containing donor information was placed on an insecure computer environment and accessed by an unauthorised person.
The file was part of an online application to give blood used from 2010.
Red Cross chief executive Shelly Park has apologised to donors and said, to her knowledge, all copies of the data had now been deleted and the risk of misuse of the data was low.
Ms Park said the issue occurred due to human error.
“As an organisation, we are still in the process of completing our investigation and we have engaged forensic experts to help us with this,” she said.
“We apologise and we acknowledge that this is unacceptable.”
Security expert alerted to breach after being sent own donor details
In a personal blog post, online security expert Troy Hunt said he had made aware of the breach after someone sent him his own data, including his email, gender, date of birth, phone number and date of last donation.
“On Tuesday morning, I was contacted by someone … He claimed to have data and he provided me with a snippet to prove it — a snippet of my own data,” Mr Hunt wrote.
“He then provided me with the entire data set, a 1.74GB file with 1,286,366 records in a ‘donor’ table.
“I checked my wife’s record and found all the same info.”
The organisation said it had been in contact with the Australian Cyber Security Centre and the Australian Federal Police about the breach.