The affected donors were all associated with the Missouri-Illinois Blood Services Region of the American Red Cross.
Lonnetta Shannell Medcalf, 20, of St. Louis, is facing three counts of aggravated identity theft and one count of credit card fraud.
A former telephone worker at the Red Cross branch, where, with the job of calling former donors to urge them to give blood again, Medcalf had access to as many as one million Social Security numbers.
Medcalf was fired by the Red Cross after a police investigation.
"As soon as we found out about it, she was suspended and then fired the same day," said Jim Williams, Red Cross spokesman, who added that the national database and disaster relief database were not accessed in the breach.
The Red Cross sent out the first wave of 8,000 notifications on March 17, followed by a media blitz of legal notices, advertisements and press conferences to notify the public.
The Red Cross was the victim of several swindle websites after the Hurricane Katrina disaster last year.
The FBI investigated several reports of fraudulent sites pretending to be charitable organizations collecting money for hurricane victims.
Earlier this week, the U.S. Department of Veterans Affairs said in a statement this week that the personal information of as many as 26.5 million veterans was stolen from the home of a department employee who violated government policy by leaving the office with the data.