The compromised records, made up of registration data for 550,000 people from 2010 to 2016, included names, addresses, dates of birth, blood types, phone numbers and last donation dates.
Australian Red Cross Blood Service chief executive Shelly Park said at a press conference in Melbourne on Friday that the data had been accessed by an “unauthorised person”. She said access to the file had been shut down and that forensic experts were now helping the organisation with their investigation.
“The type of information included in the files include name, address, and personal details that come about from completing our short questionnaire, which is a bit like a gateway to see whether people can go ahead to donate blood. I wish to stress that this file does not contain the deep personal records of people’s medical history or of their test results. We are notifying donors as early as we believe we can, and we are notifying donors today”, said Park.
"It is vitally important that people who generously want to give blood are not deterred by this – every Australian may need a blood transfusion at some time and we hope people will continue to make their contribution and to feel confident that their personal details will be protected”, added Park.
Australia’s computer emergency response team, AusCERT, is also working with the organisation to address the problem. The Blood Service said it has already contacted the Australian cybersecurity centre, the federal police and the Information Commissioner's Office (ICO).