Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
You may have seen the recent news coverage of the huge data breach in Australia involving the Australian Red Cross Blood Service.
It seems they’re the next organisation to face a gruelling investigation into how 550,000 of their patients’ details were accessed by an “unauthorised person”. It has been described as Australia’s largest data breach to date, and it’s a real concern, as most data breaches are.
The breach involved the unauthorised access of some 1.3 million files, with over half a million of those files containing personal information about blood donors. It was made public knowledge after there was a “tip-off”, and the 550,000 people whose personal information has been breached are those who had completed a web form to donate blood between 2010 and 2016.
The information that was accessed included names, addresses, blood types, and other personal details. The database was backed up onto a server that was managed by a contractor called Precedent, and the cyber hacker reportedly ‘found’ the database, which was allegedly neither protected nor encrypted.
It goes without saying that this is extremely worrying.
Results of an initial investigation found that no ‘deep personal records’ – such as medical records or test results – were accessed. However, how can they say for sure that medical records were not accessed? With a small amount of detail, it’s amazing what cyber hackers can do with the information.
On top of that, if the information that was breached was easy to find, how can we trust that more sensitive information wasn’t, or isn’t, also easy to find as well?
The Blood Service potentially faces a fine of up to $1.7 million Australian Dollars for the breach, which would be the largest fine inflicted on an organisation in Australia. In comparison, Australian telecom Telstra was only fined $10,000 Australian Dollars for a data breach involving 16,000 of their customers.
We would hope that a fine of a greater amount would deter future lapses in security, and send warning signals to other organisations to take cyber security seriously, and keep personal information under wraps.
The risk of the information being misused is apparently low.
Red Cross reportedly notified donors as soon as the news of the unauthorised access came out, but this doesn’t change the fact that it is the organisation’s responsibility to keep personal information properly safe in the first place.
By failing to secure this data, they have committed a data breach of the Privacy Act. The Privacy Act includes 13 Australian Privacy Principles which apply to some private organisations, non-profit organisations, and most Government organisations. One of the main principles that stand out in this case is to ‘keep personal information secure‘ which the Blood Service has clearly failed to do this in our view.
Their laws can be fairly similar to what we have over here in the UK – i.e. it’s all about making sure the organisation has a clear responsibility to keep information and data safe.
The Blood Service should seek to review its contractor, Precedent, as their privacy statement states “we store your information securely on our computer system…” – but, in this case, it seems quite clear to us that Precedent grossly failed to achieve this.
It has been reported that the breach occurred due to a “human error” but that doesn’t mean that it cannot be prevented in the first place, and nor does it mean that it removes any responsibility on the part of the company either.
The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.