It has been reported that the breach occurred from human error.
A 1.74GB MySQL database backup containing 1.3 million rows and 647 different tables from the Australian Red Cross has been found to be publicly available, security researcher Troy Hunt has revealed.
As detailed by Hunt in a blog post, the data comes from an online donor application form that contains details including name, gender, address, email, phone number, date of birth, country of birth, blood type, and other donation-related data, as well as appointments they made.
Hunt said he believes this is the largest unintended release of personal data seen so far in Australia, and that a partner of the blood service was responsible, not the Red Cross itself.
"It's highly unlikely there was a valid reason for them to provide the partner with such an extensive amount of data and I'm sure there will be many questions asked as to how so much information should have been shared in the first place and indeed how much is shared in the future," Hunt wrote.