Author: Jay Jay / Source: TEISS
The Red Cross data breach last year, which was termed the largest data breach in Australian history, was caused by inappropriate handling of sensitive data by an employee at a third-party service provider.
The Red Cross data breach exposed sensitive details of about 550,000 prospective blood donors, including their blood type and home addresses.
In September last year, cyber security expert Troy Hunt was notified by an unknown individual about the presence of large chunks of sensitive data belonging to hundreds of thousands of people on a public-facing web server with no encryption in place.
Hunt discovered that the sensitive data belonged to about 550,000 prospective blood donors who had registered with the Australian Red Cross. The data included names, home addresses, gender, email addresses, country of birth, blood type, phone numbers and other donation-related data.
Following his discovery, Hunt notified the Australian Cyber Emergency Response Team (AusCERT) of the data breach and the Red Cross society was then ordered to contain the breach.
Timothy Pilgrim, the Australian Information and Privacy Commissioner, said that the Red Cross did not take contractual measures or take reasonable steps to “ensure adequate security measures for personal information held for it by the relevant third party contractor”.