More than half a million Australian Red Cross donors have had their personal details compromised after a data breach, the aid agency says.
The Red Cross said human error from a third party developer led to a back-up of web-based inquiry forms being placed in an insecure part of its website. The forms are submitted to donate blood.com.au, and by people making appointments to give blood.
The back-up file contained information on 550,000 people who completed a web form to access a donation between 2010 and 2016.
"The type of information included in the files include name, address, and personal details," Red Cross CEO Shelly Park said at a press conference on Friday.
"Personal details that come about from completing our short questionnaire, which is a bit like a gateway to see whether people can go ahead to donate blood.
We apologise and take full responsibility for this. We apologise and we acknowledge that this is unacceptable. Our apology is unreserved. We are incredibly disappointed.Shelly Park
The Red Cross is working with the office of Australian Cybersecurity Centre, and has engaged ID CARE, a national identity and cybersecurity service, to assess what the risk is to donors.
"We have been told that there is a very low risk of future misuse," she said.
"I repeat -- there is low risk of future misuse of this data. However, donors affected do need to be affair there is an increased risk of cybersecurity and they, therefore, need to look at phone and email scams.
"That is what we believe their risk is, an increase of phone and email scams."