Australian Red Cross Blood Service - Australia's Largest Leak Of Private Data

Last updated: July 5, 2023

The leak of the Australian Red Cross Blood Service’s blood donor data is being considered the ‘most severe’ by experts because of the nature of the data involved. The sensitive database leak was discovered on October 24th by a security expert while searching the internet for exposed servers.

One of the Australian Red Cross Blood Service’s third-party service providers inadvertently leaked a database backup containing the personal details of 550,000 people. The database was publicly accessible from Sept. 5th to October 25th.

The person who discovered the leaked database reported it to the security expert and regional director for Microsoft who runs his own data breach notification service, haveibeenpwned.com.

The leaked database, a 1.74GB mysqldump file, contains 1.3 million records with the following information: names, gender, physical addresses, phone numbers, blood types, donation dates, eligibility answers, types of donation and many other details.

Troy Hunt in his blog post wrote, “In the Red Cross’ case, the data that was ultimately leaked was a database backup. That 1.74GB was simply a mysqldump file that had everything in it. Taking a database backup is not unusual (in fact it’s pretty essential for disaster recovery), it’s what happened next that was the problem.”