Legal help for data breach compensation claims

“Phishing messages sent to Red Cross blood donors” – Cyber attackers are trying to extract more sensitive data from the 1.3 million Red Cross data breach

Start Your Claim Today!

Your privacy is extremely important to us. Read how we handle your data in our Privacy Policy

Following ‘Australia’s largest data breach‘ where 550,000 Red Cross blood donors’ information was reportedly hacked, victims have found themselves to be at a potential risk of further hacking as criminals are reportedly attempting to steal patients’ details through a recent phishing scam.

These sorts of follow-up attacks are not uncommon – when people are at their most vulnerable after a cyber attack, it can be common for other hackers or criminals to jump on the situation to try and use the hack for further gains.

Circumstances of the breach

Red Cross Blood Service had contracted work out to Precedent, who then allowed 1.3 million files to be accessed in the hack which contained 550,000 personal details of blood donors.

It happened through the victims completing a web form to donate blood between the years 2010 and 2016, and it was the backup of the data being stored on a database by Precedent which was then subsequently hacked.

Information accessed, and why it’s an issue

The information accessed reportedly included names, addresses, blood types, and other personal details. The data came from entries made online to see whether people were eligible to donate blood.

It’s further alleged that sensitive medical information was also leaked. Medical information is fast becoming a hot commodity. Why? Aside of the records detailing your last check-up, prescribed medication, or injections, your medical records are a comprehensive document about you. Records can contain a lot of your personal details, which may include your name, physical address, and sensitive information like bank details, date of birth etc. This is not only useful for basic identity fraud but also medical fraud, which can be more profitable. This can allow cyber-criminals to use the personal data to purchase medical equipment or worse, file fraudulent insurance claims.

Phishing messages

Now, cyber attackers are apparently trying to extract sensitive information by sending out phishing messages. The attackers can camouflage themselves as a trustworthy entity, by doing things like pretending to be the Red Cross Blood Service sending out text messages off the back of the well known hack.

The Red Cross was made aware of this when they received reports of the scam from several donors. The report shows that blood donors were informed that there was an anomaly and that further action was needed by clicking an ambiguous link.

Nature of the phishing messages

There is widespread concern that cyber attackers are using these phishing messages to dupe victims into further hacking. The scam is sophisticated in the way that messages are sent as a ‘flash SMS’. This displays the message directly on the screen but is not automatically stored, allowing the message to disappear. This has led many to believe that the phishing scam is just part of the ground work that will form part of a larger hack.

Red Cross’ warning

The Red Cross Blood Service are trying to be more proactive in their cyber security as a result of what’s happened. They have since sent out warning messages to patients to confirm that these phishing messages are not from the organisation and that they must be “disregarded and deleted”. The Blood Service has also updated their website with further advice, advising patients to “remain vigilant”.

A [low] risk remains

The Red Cross Blood Service may breathe a sigh of relief as only two copies of the database have allegedly been accessed, which have since been erased. Logically, this lowers the risk of further hacks. However, it’s still not certain whether this is the case. What can be said for sure is that sensitive data was leaked on a web server, which potentially allows anyone access to the information. The Red Cross Blood Service needs to step up their cyber security ‘A game’ as data breaches are fast becoming an issue worldwide, and there are no visible signs these type of breaches are slowing down.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.

First published by Matthew on November 24, 2016
Posted in the following categories: Scammers and tagged with | |


Companies must not drop their security ‘A-Game’ – The rise in data breaches and cybercrime year on year
“Cheaper car insurance if you give us access to your Facebook profile” – Admiral wants to create a new service which could potentially breach data privacy rights
%d bloggers like this: