An error by a third-party vendor’s employee led to the massive data breach that hit the Australian Red Cross last year.
The investigation into the breach found that a Precedent Communications worker made a backup copy of the Red Cross’ Donate Blood website, but instead of saving it to a secure location on their server placed it in a portion of the server that was publicly accessible, according to ARN. The breach, which took place in September 2016 but was not discovered until October 2016, exposed the records of 550,000 prospective blood donors by placing about 1.28 million records on a public facing website.
Precedent was hired to handle website development and data base management, by the Australian Red Cross. The investigation uncovered the fact that Precedent did not meet two Australian Privacy Principle requirements, but noted the incident was due to human error and was not malicious in nature, ARN reported.