"On 26 October the Blood Service became aware a file containing donor information was placed in an insecure environment by a third party that develops and maintains the Blood Service’s website. This file contained registration information of 550,000 donors made between 2010 and 2016. Included in the file was information such as names, addresses and dates of birth. This information was copied by a person scanning for security vulnerabilities," the statement said.
The statement added that the organization considered the leak as a "human error on the part of the third party service," but the Red Cross Blood Service took responsibility for the incident and apologized to all the people affected by the breach.
Australian media characterize the breach as one of the largest data breaches in Australia's history.