There is not a single organization that is not prone to data compromise. The list of organizations and services hit by data breaches grows longer every day. And now, apparently, the Australian Red Cross should be added.
Australian Red Cross Data Breach of 550,000 Blood Donors
The organization said that its blood donor service discovered that registration information of 550,000 blood donors had been compromised. Who is to blame? According to the Red Cross, a human error by a third-party contractor is at fault.
The worst thing about this data privacy incident is that nobody knows how many people have obtained the data. Furthermore, the data from 2010 to 2016 was on the website donateblood.com.au from September 5 to October 25, 2016. The database backup is 1.74GB in size and contains 1.3 million records. The database has sensitive information about blood donors, including name, gender, physical address, email address, phone number, date of birth, blood type, country of birth, and previous donations.
As with every other major data breach, Troy Hunt from HaveIBeenPwned has made an analysis and has also expressed his own opinion on the matter. This is what he wrote on his personal blog:
On Tuesday morning, I was contacted by someone [...]. He claimed to have data from donateblood.com.au and he provided me with a snippet to prove it – a snippet of my own data. There was my name, my email, gender, date of birth, phone number and the date I’d last donated. He then provided me with the entire data set, a 1.74GB file with 1,286,366 records in a “donor” table which was just one out of a total of 647 different tables. I checked my wife’s record and found all the same info as I had albeit across 9 different records reflecting the different occasions she’d donated. In addition to the fields in my data, her data also had our home address and her blood type. There was no doubt in my mind that this data was legitimate.
What has the Australian Red Cross said?
The organization issued an apology statement, saying that “we are deeply disappointed this could happen. We take full responsibility for this mistake and apologise unreservedly.”
On 26 October the Blood Service became aware a file containing donor information was placed in an insecure environment by a third party that develops and maintains the Blood Service’s website. This file contained registration information of 550,000 donors made between 2010 and 2016. Included in the file was information such as names, addresses and dates of birth.
The data was copied by a person scanning for security vulnerabilities who then, through an intermediary, informed the Australian Cyber Emergency Response Team (AusCERT) with whom the Blood Service has membership, the Red Cross added.