“Phishing messages sent to Red Cross blood donors” – Cyber attackers are trying to extract more sensitive data from the 1.3 million Red Cross data breach
email breach

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

“Phishing messages sent to Red Cross blood donors” – Cyber attackers are trying to extract more sensitive data from the 1.3 million Red Cross data breach

Following ‘Australia’s largest data breach‘ where 550,000 Red Cross blood donors’ information was reportedly hacked, victims have found themselves to be at a potential risk of further hacking as criminals are reportedly attempting to steal patients’ details through a recent phishing scam.

These sorts of follow-up attacks are not uncommon – when people are at their most vulnerable after a cyber attack, it can be common for other hackers or criminals to jump on the situation to try and use the hack for further gains.

Circumstances of the breach

Red Cross Blood Service had contracted work out to Precedent, who then allowed 1.3 million files to be accessed in the hack which contained 550,000 personal details of blood donors.

It happened through the victims completing a web form to donate blood between the years 2010 and 2016, and it was the backup of the data being stored on a database by Precedent which was then subsequently hacked.

Information accessed, and why it’s an issue

The information accessed reportedly included names, addresses, blood types, and other personal details. The data came from entries made online to see whether people were eligible to donate blood.

It’s further alleged that sensitive medical information was also leaked. Medical information is fast becoming a hot commodity. Why? Aside of the records detailing your last check-up, prescribed medication, or injections, your medical records are a comprehensive document about you. Records can contain a lot of your personal details, which may include your name, physical address, and sensitive information like bank details, date of birth etc. This is not only useful for basic identity fraud but also medical fraud, which can be more profitable. This can allow cyber-criminals to use the personal data to purchase medical equipment or worse, file fraudulent insurance claims.

Phishing messages

Now, cyber attackers are apparently trying to extract sensitive information by sending out phishing messages. The attackers can camouflage themselves as a trustworthy entity, by doing things like pretending to be the Red Cross Blood Service sending out text messages off the back of the well known hack.

The Red Cross was made aware of this when they received reports of the scam from several donors. The report shows that blood donors were informed that there was an anomaly and that further action was needed by clicking an ambiguous link.

Nature of the phishing messages

There is widespread concern that cyber attackers are using these phishing messages to dupe victims into further hacking. The scam is sophisticated in the way that messages are sent as a ‘flash SMS’. This displays the message directly on the screen but is not automatically stored, allowing the message to disappear. This has led many to believe that the phishing scam is just part of the ground work that will form part of a larger hack.

Red Cross’ warning

The Red Cross Blood Service are trying to be more proactive in their cyber security as a result of what’s happened. They have since sent out warning messages to patients to confirm that these phishing messages are not from the organisation and that they must be “disregarded and deleted”. The Blood Service has also updated their website with further advice, advising patients to “remain vigilant”.

A [low] risk remains

The Red Cross Blood Service may breathe a sigh of relief as only two copies of the database have allegedly been accessed, which have since been erased. Logically, this lowers the risk of further hacks. However, it’s still not certain whether this is the case. What can be said for sure is that sensitive data was leaked on a web server, which potentially allows anyone access to the information. The Red Cross Blood Service needs to step up their cyber security ‘A game’ as data breaches are fast becoming an issue worldwide, and there are no visible signs these type of breaches are slowing down.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon