En
En
Products
SearchInform DLP
SearchInform Risk Monitor
SearchInform ProfileCenter
SearchInform FileAuditor
Data protection and classification
Access rights audit
User activity audit, investigation
Compliance
Use case: access control and change management
Use case: user behavior and insider detection
Use case: eDiscovery
Use case: file cleanup
SearchInform SIEM
TimeInformer
Cloud solutions
Third-party integration
Services
Services
SearchInform for MSSP
How to max out SearchInform services
Compliance
Saudi Arabian Monetary Authority
GDPR compliance with SearchInform
Personal Data Protection Bill
Resources
White Papers
Research
How to
Practices and use cases
Videos
Partners
Become a Partner
Partner login
Contact us
Products
SearchInform DLP
SearchInform Risk Monitor
SearchInform ProfileCenter
SearchInform FileAuditor
SearchInform SIEM
TimeInformer
Cloud solutions
Third-party integration
Services
Services
SearchInform for MSSP
How to max out SearchInform services
Compliance
Saudi Arabian Monetary Authority
GDPR compliance with SearchInform
Personal Data Protection Bill
Resources
White Papers
Research
How to
Practices and use cases
Videos
Partners
Become a Partner
Partner login
Contact Us
Book a return call
HomeBlogRed Cross in Australia Carelessly Let Happen Country's Largest Data Breach
BACK TO BLOG LIST
Red Cross in Australia Carelessly Let Happen Country's Largest Data Breach
01.11.2016
The first person who informed about a large-scale leakage of data in his blog was Troy Hunt, head of the Microsoft regional office, information security expert and founder of the website Have I Been Pwned. An unnamed user contacted him on Twitter and said that he had possessed personal data from the registration form of the Australian Red Cross website. As evidence, the anonymous also sent Hunt’s own data from the donor’s online profile: gender, name, phone number, email address, date of birth, and date of the last visit to the donor center. It later turned out that the information about his wife, who more frequently donated blood, had been more complete and had also included home address and information about her blood group. Eventually, the source sent Hunt the entire database of 1.74 GB. Personal data of 550 thousand donors was compromised.  These are the donors who filled out a standard questionnaire on-line form on the site from 2010 to 2016. Hunt reported the incident to the Australian response group AusCERT. At the Red Cross press conference in Melbourne, the head of the Australian Red Cross community admitted that the data leakage had occurred because of a human error. Preliminary investigation revealed: the database backup was stored on the developer's site, and a third party person who was responsible of the website technical support had an access to it. According to Hunt, this is the most large-scale data leakage in Australia that happened by inadvertence. Representatives of the Red Cross noted that the data did not contain any medical information about donors' health status and results of blood tests. Hunt also said that the questions in the donor questionnaire were generally harmless and involved, for example, questions about weight of donor, latest tattoos or information about visiting the dentist. However, there is also the question: “Have you had an unprotected sex in the last 12 months?”. Security experts, whom the Red Cross approached for help, believe that it is highly unlikely that the data was or will be used for the profit. The user, who sent the database to Hunt, deleted the file. The founder of the website Have I Been Pwned is confident that the user did not have any malicious intent. Nevertheless, the Red Cross sent all donors who filled out the registration form on the site a warning message about possible misuse of their data.
BACK TO BLOG LIST
Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.
Products and Services
FileAuditor
DLP
Risk Monitor
ProfileCenter
SIEM
MSSP
Cloud Deployment
Company
Contact
About Our Company
Company Portfolio
Our Clients
Press About Us
Press Kit
Resources
White Papers
Third-party integration
Research
Practices and use cases
Videos
News
Company News
Product News
Events
Blog
Challenges
Compliance
Data Loss Prevention
Investigation
Data at Rest Discovery
Data Encryption
Data Visibility
Data Classification and Protection
Data at Rest Discovery
Time Tracking and Employee
Monitoring
Corporate Fraud Mitigation
Roles
C-level executive
Risk manager
Internal audit officer
Compliance manager
Information security analyst
Chief Human Resources Officer
Industries
Business Services
Education
Financial Services
Government
Insurance
Manufacturing
Healthcare
Retail
Energy
Hospitality
Construction
Partners
Become a partner
Partner login
SearchInform products are recognized by
Gartner The Radicati Group
Follow us:
© 2024 SearchInform LTD All rights reserved.
Terms of Use
Licence
Privacy&Cookies