“Largest data breach in Australian history” – 550,000 personal details of blood donors were accessed by an “unauthorised person”

“Largest data breach in Australian history” – 550,000 personal details of blood donors were accessed by an “unauthorised person”

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

You may have seen the recent news coverage of the huge data breach in Australia involving the Australian Red Cross Blood Service.

It seems they’re the next organisation to face a gruelling investigation into how 550,000 of their patients’ details were accessed by an “unauthorised person”. It has been described as Australia’s largest data breach to date, and it’s a real concern, as most data breaches are.


The breach involved the unauthorised access of some 1.3 million files, with over half a million of those files containing personal information about blood donors. It was made public knowledge after there was a “tip-off”, and the 550,000 people whose personal information has been breached are those who had completed a web form to donate blood between 2010 and 2016.

What information was accessed?

The information that was accessed included names, addresses, blood types, and other personal details. The database was backed up onto a server that was managed by a contractor called Precedent, and the cyber hacker reportedly ‘found’ the database, which was allegedly neither protected nor encrypted.

It goes without saying that this is extremely worrying.


Results of an initial investigation found that no ‘deep personal records’ – such as medical records or test results – were accessed. However, how can they say for sure that medical records were not accessed? With a small amount of detail, it’s amazing what cyber hackers can do with the information.

On top of that, if the information that was breached was easy to find, how can we trust that more sensitive information wasn’t, or isn’t, also easy to find as well?

Potential fines

The Blood Service potentially faces a fine of up to $1.7 million Australian Dollars for the breach, which would be the largest fine inflicted on an organisation in Australia. In comparison, Australian telecom Telstra was only fined $10,000 Australian Dollars for a data breach involving 16,000 of their customers.

We would hope that a fine of a greater amount would deter future lapses in security, and send warning signals to other organisations to take cyber security seriously, and keep personal information under wraps.

The Privacy Act

The risk of the information being misused is apparently low.

Red Cross reportedly notified donors as soon as the news of the unauthorised access came out, but this doesn’t change the fact that it is the organisation’s responsibility to keep personal information properly safe in the first place.

By failing to secure this data, they have committed a data breach of the Privacy Act. The Privacy Act includes 13 Australian Privacy Principles which apply to some private organisations, non-profit organisations, and most Government organisations. One of the main principles that stand out in this case is to ‘keep personal information secure‘ which the Blood Service has clearly failed to do this in our view.

Their laws can be fairly similar to what we have over here in the UK – i.e. it’s all about making sure the organisation has a clear responsibility to keep information and data safe.

The Blood Service should seek to review its contractor, Precedent, as their privacy statement states “we store your information securely on our computer system…” – but, in this case, it seems quite clear to us that Precedent grossly failed to achieve this.

It has been reported that the breach occurred due to a “human error” but that doesn’t mean that it cannot be prevented in the first place, and nor does it mean that it removes any responsibility on the part of the company either.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon