The personal data of 550,000 blood donors that includes information about "at-risk sexual behaviour" has been leaked from the Red Cross Blood Service in what has been described as Australia's largest security breach.

Key points: Data from blood donor registration form posted insecurely online

Data from blood donor registration form posted insecurely online Leak included identifying information and "personal details" of 550,000 donors

Leak included identifying information and "personal details" of 550,000 donors All copies of the data believed to be destroyed

The organisation said it was told on Wednesday that a file containing donor information was placed on an "insecure computer environment" and "accessed by an unauthorised person".

The file contained the information of blood donors from between 2010 and 2016.

The data came from an online application form and included "personal details" and identifying information including names, gender, addresses and dates of birth, a Red Cross statement said.

Red Cross Blood Service chief executive Shelly Park said "due to human error" the unsecured data had been posted on a website by a contractor who maintains and develops the Red Cross website.

"As an organisation, we are still in the process of completing our investigation and we have engaged forensic experts to help us with this," she said.

"We apologise and we acknowledge that this is unacceptable."

Ms Park said, to her knowledge, all copies of the data had now been deleted and the risk of misuse of the data was low.

The message received by a blood donor after a Red Cross data breach. ( Supplied )

Independent security expert Troy Hunt said he was contacted on Tuesday morning by an anonymous Twitter user who claimed to have his and his wife's personal details.

Mr Hunt said the anonymous user then sent him the data in a 1.74GB file.

He said he was never threatened or extorted by the Twitter user and contacted AusCert, a cyber emergency response team, who then notified the Red Cross of the breach.

Mr Hunt said he later deleted the file and understood the person who provided it had deleted their copy.

Data included answer to question about 'at-risk sexual activity'

Mr Hunt said the data included answers to a number of true-false eligibility questions, including one that asked donors whether they had engaged in "at-risk sexual behaviour" in the previous 12 months.

"Both the questions and answers mapped to the individuals were part of the dataset. That would be one of the most sensitive things in the breach, especially if you answered in the affirmative," he said.

Mr Hunt, who works with companies to prevent similar incidents from occurring, said as far as he was aware it was the largest data leak in Australia.

"We haven't seen one (a breach) of an Australian entity that's anywhere near this size," he said.

"We've certainly seen some very large global ones … things like the MySpace data breach, for example. We haven't seen one locally this big."

The Red Cross Blood Service said it had been in contact with the Australian Cyber Security Centre and the Australian Federal Police about the breach.

Any donors concerned about the leak can contact the Red Cross via a dedicated hotline.

The Red Cross has expressed its "deep disappointment" and set up a link where those who have been impacted by the breach can seek assistance.