The Australian Red Cross Blood Service’s ‘blood donors’ data leak is being considered the ‘most severe’ by experts because of the nature and importance of the data. The leaked sensitive database was discovered on October 24th by a security expert who was searching the internet for exposed servers.
One of the Australian Red Cross Blood Service’s third-party service providers inadvertently leaked a backup database containing the personal details of 550,000 people. The database was publicly accessible from Sept. 5th to October 25th.
The person who discovered the leaked database reported it to Troy Hunt, a security expert and regional director for Microsoft who runs his own data breach notification service, haveibeenpwned.com.
The 1.74GB leaked database, a mysqldump file, contains 1.3 million records with the following information: names, gender, physical addresses, phone numbers, blood types, donation dates, eligibility answers, types of donation and more.
Troy Hunt in his blog post wrote, “In the Red Cross’ case, the data that was ultimately leaked was a database backup. That 1.74GB was simply a mysqldump file that had everything in it. Taking a database backup is not unusual (in fact it’s pretty essential for disaster recovery), it’s what happened next that was the problem.”
He wrote, “The database backup was published to a publicly facing website. This is really the heart of the problem because no way, no how should that ever happen. There is no good reason to place database backups on a website, let alone a publicly facing one. There are many bad reasons (usually related to convenience), but no good ones.”
Hunt reported the issue to AusCERT and the Australian Red Cross Blood Service, which in turn reported it to the Australian Cyber Security Center, the Office of Information Commissioner, and the Federal Police.
According to the Australian Red Cross Blood Service, the registration data of the 550,000 people dates from between 2010 and 2016.
The formal announcement made by the organization states, “This file contained registration information of 550,000 donors made between 2010 and 2016. The file was part of an online application to give blood and information such as names, addresses, dates of birth and some personal details are included in the questionnaire.”
It is currently unclear whether the database was accessed by anyone with harmful intentions. However, IDCARE, Australia and New Zealand’s national identity support service, says there is a low risk for blood donors.
About the Author
Peter Buttler is an Infosec Journalist and Tech Reporter and a member of the IDG Network. In 2011, he completed a Masters in Cybersecurity and technology. He has worked for leading security and tech giants as a Staff Writer. Currently, he contributes to a number of online publications, including The Next Web, CSO Online, Infosecurity Mag, SC Magazine, Tripwire, GlobalSign, CSO Australia, etc. His favorite areas are Online Privacy, AI, IoT, VR, Blockchain, Big Data, ML, Fintech, etc. You can follow him on Twitter.