Dracula Hack? Contact Data for Half a Million Australian Blood Donors Breached



Even the terror of Transylvania—Draculawould be drained biting the necks of all of the over half a million Australian blood donors whose contact information was hacked from a Red Cross database.

The Australian Red Cross Blood Service announced Oct. 28 the leak of a back-up spread sheet that contained the personal contact information for over 550,000 people who donated blood from 2010 to 2016.  The group apologized for the breach, which appears to be the largest health-care breach ever reported in Australia. 

Couldn’t have chosen a better time to reveal the breach—right before U.S. Halloween time and during cybersecurity awareness month.

The Red Cross said that due to human error the database was accidentally left unprotected “by a third party that develops and maintains the Blood Service’s website.” A hacker scanning for security vulnerabilities discovered the open database and made a copy, the Red Cross said.

The Red Cross said the hacked data has been characterized by experts as being of low risk for misuse, explaining that the contact information database didn’t link to other databases of more sensitive medical information.

“It is vitally important that people who generously want to give blood are not deterred by this–every Australian may need a blood transfusion at some time and we hope people will continue to make their contribution and to feel confident that their personal details will be protected,” Blood Service Chief Executive Shelly Park said in a statement disclosing the breach.

Too bad the Australian Red Cross didn’t have Hugh Jackman on its payroll. 

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.