According to the Australian Red Cross said that registration information of 550,000 blood donors had been compromised, in which they blamed on human error by a third party contractor.
Tory Hunt a security researcher said that the leaked information consisting of 1.74GB with about 1.3 million records, contains information about blood donors, such as name, gender, physical address, email address, phone number, date of birth, blood type, country of birth, and previous donations.
The information from 2010 to 2016 was available online on the website from September. 5th to October. 25th. of this year.
Tory Hunt wrote that he was contacted on Tuesday morning by someone who found the data on donateblood.com.au, the website of the Blood Service, while scanning internet IP addresses on the lookout for publicly exposed web servers returning directory listings.
The backup database was published to a publicly facing website, which had directory browsing enabled on the server, according to Hunt. Troy said he contacted AusCERT, the Australian version of the computer emergency response teams that many countries including the U.S. have, and they got in touch with the Red Cross.