Reading:
“Phishing messages sent to Red Cross blood donors” – Cyber attackers are trying to extract more sensitive data from the 1.3 million Red Cross data breach
Share:
Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
Following ‘Australia’s largest data breach‘ where 550,000 Red Cross blood donors’ information was reportedly hacked, victims have found themselves to be at a potential risk of further hacking as criminals are reportedly attempting to steal patients’ details through a recent phishing scam.
These sorts of follow-up attacks are not uncommon – when people are at their most vulnerable after a cyber attack, it can be common for other hackers or criminals to jump on the situation to try and use the hack for further gains.
Red Cross Blood Service had contracted work out to Precedent, who then allowed 1.3 million files to be accessed in the hack which contained 550,000 personal details of blood donors.
It happened through the victims completing a web form to donate blood between the years 2010 and 2016, and it was the backup of the data being stored on a database by Precedent which was then subsequently hacked.
The information accessed reportedly included names, addresses, blood types, and other personal details. The data came from entries made online to see whether people were eligible to donate blood.
It’s further alleged that sensitive medical information was also leaked. Medical information is fast becoming a hot commodity. Why? Aside of the records detailing your last check-up, prescribed medication, or injections, your medical records are a comprehensive document about you. Records can contain a lot of your personal details, which may include your name, physical address, and sensitive information like bank details, date of birth etc. This is not only useful for basic identity fraud but also medical fraud, which can be more profitable. This can allow cyber-criminals to use the personal data to purchase medical equipment or worse, file fraudulent insurance claims.
Now, cyber attackers are apparently trying to extract sensitive information by sending out phishing messages. The attackers can camouflage themselves as a trustworthy entity, by doing things like pretending to be the Red Cross Blood Service sending out text messages off the back of the well known hack.
The Red Cross was made aware of this when they received reports of the scam from several donors. The report shows that blood donors were informed that there was an anomaly and that further action was needed by clicking an ambiguous link.
Nature of the phishing messages
There is widespread concern that cyber attackers are using these phishing messages to dupe victims into further hacking. The scam is sophisticated in the way that messages are sent as a ‘flash SMS’. This displays the message directly on the screen but is not automatically stored, allowing the message to disappear. This has led many to believe that the phishing scam is just part of the ground work that will form part of a larger hack.
The Red Cross Blood Service are trying to be more proactive in their cyber security as a result of what’s happened. They have since sent out warning messages to patients to confirm that these phishing messages are not from the organisation and that they must be “disregarded and deleted”. The Blood Service has also updated their website with further advice, advising patients to “remain vigilant”.
A [low] risk remains
The Red Cross Blood Service may breathe a sigh of relief as only two copies of the database have allegedly been accessed, which have since been erased. Logically, this lowers the risk of further hacks. However, it’s still not certain whether this is the case. What can be said for sure is that sensitive data was leaked on a web server, which potentially allows anyone access to the information. The Red Cross Blood Service needs to step up their cyber security ‘A game’ as data breaches are fast becoming an issue worldwide, and there are no visible signs these type of breaches are slowing down.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
