Red Cross Blood Service Data Breach! Victims Are Getting Phishing Texts!

Have you ever donated blood? After donating, donors often receive treats such as cookies, juice, and fruit to help them get their energy back. But the Australian Red Cross Blood Service gave blood donors a shocking treat a few days ago: the personal data of 550,000 blood donors has been exposed. Australia's computer emergency response team (AusCERT) informed the Red Cross Blood Service about the incident on Tuesday.

How did it happen?

An employee of Australia’s Red Cross Blood Service who handles its official website was working with a developer. He accidentally left a 1.74 GB file on a public server. This file contains the personal details of 550,000 blood donors. The shocking fact about this incident is that the file was publicly available on the official Red Cross Blood Service website from 5th September 2016 to 25th October 2016, and nobody noticed.

How Red Cross Came To Know About This Incident?

An anonymous Twitter user sent a message to security expert Troy Hunt, writing, “Here is your Personal Data”. Initially, Troy was shocked, because the message included all the personal details he had filled in on the Red Cross Blood Service form. He asked the sender about it. His Twitter contact explained and later sent the whole file to Troy Hunt. After looking at the file, Troy contacted AusCERT (Australia’s Computer Emergency Response Team), which then explained the issue to the Red Cross Blood Service.

Who Stole The Data From Website?

AusCERT and the Red Cross Blood Service have no idea how many people have downloaded the file or how many of them are using the information for personal benefit. The leaked data contains full name, residential address, personal contact number, medical history and blood group. For the last two years, hackers have been targeting the health care industry to steal people's personal information. According to a Dark Reading report, data worth $6.2 Million has been breached by hackers in the last two years.
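The question of how many clients fetched an exposed file can be answered only if the web server's access logs were retained for the exposure window. The following added example (not from the original article or from Red Cross) shows that triage over Combined Log Format lines; the file path, file size in bytes, IP addresses and log lines are all constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status bytes ...
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')

EXPOSED_PATH = "/backup/db_dump.sql"  # hypothetical placeholder path
FILE_SIZE = 1_740_000_000             # constructed; roughly the 1.74 GB reported

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Sep/2016:09:00:00 +1000] "GET /index.html HTTP/1.1" 200 5120 "-" "curl/7.47"',
    '192.0.2.10 - - [05/Sep/2016:09:12:01 +1000] "GET /backup/db_dump.sql HTTP/1.1" 200 1740000000 "-" "curl/7.47"',
    '198.51.100.7 - - [20/Oct/2016:22:40:10 +1100] "GET /backup/db_dump.sql HTTP/1.1" 206 870000000 "-" "Wget/1.17"',
    '198.51.100.7 - - [20/Oct/2016:22:55:31 +1100] "GET /backup/db_dump.sql HTTP/1.1" 206 870000000 "-" "Wget/1.17"',
    '203.0.113.5 - - [21/Oct/2016:03:00:00 +1100] "GET /backup/db_dump.sql HTTP/1.1" 206 1000000 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [21/Oct/2016:03:05:00 +1100] "GET /backup/db_dump.sql HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
]

def summarize_downloads(lines, exposed_path, file_size):
    """Group successful fetches of exposed_path by client IP."""
    clients = defaultdict(lambda: {"bytes": 0, "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        if m["path"].split("?", 1)[0] != exposed_path:  # ignore query string
            continue
        # 200 = full body, 206 = ranged chunk (resumed or segmented download).
        if m["status"] not in ("200", "206"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        c = clients[m["ip"]]
        c["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        c["first"] = ts if c["first"] is None else min(c["first"], ts)
        c["last"] = ts if c["last"] is None else max(c["last"], ts)
    for c in clients.values():
        # Heuristic: overlapping 206 ranges can overcount, so treat as an upper bound.
        c["complete"] = c["bytes"] >= file_size
    return dict(clients)
```

An IP address is not a person: NAT, proxies and repeat visits mean the per-client count is an estimate of exposure, not an exact number of downloaders.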

"In the case of Red Cross Blood Service Australia, nobody hacked the database. It was the mistake of a developer, who left the entire backup on a public server, where it was accessible to anybody from the public website. It is the largest health care data breach in Australia to date."

Victims Are Getting Phishing Texts

The leaked data contains the personal contact numbers and medical histories of donors. Phishers are sending phishing text messages to victims on behalf of the blood bank. The scammers write, “You have Anomaly in your blood donation.” Alongside this message, they send malicious links that redirect victims to third-party websites hosting malware. Scammers could install malware on a victim’s device to steal personal information from it and to earn more click-bait profit through malvertising. Once malware is installed on the device, they can carry out many other cyber-attacks.

"Scammers are sending these messages via Class Zero and Flash. Victims are getting these messages in the form of pop-ups, which cover the whole display of a device. It seems like scammers are planning to do something big, and for now they are only testing their network."

How to be Safe from Scammers?

Red Cross Blood Service Australia has released a report. It told donors that it is not doing any activity to inform them about their reports on their mobile devices. Red Cross also warned donors about these phishing messages and has published a website, info.donateblood.com.au, to inform them about the messages.

Don’t open text messages that you receive via Flash or Class Zero.

Don’t respond to any message that you receive regarding your blood donation report.

Inform other people about this phishing scam.
