Opportunistic cyber attackers are attempting to pilfer sensitive data from individuals affected by the Red Cross Blood Service data breach by sending text messages containing phishing links.
Around 1.3 million records relating to 550,000 individual blood donors were exposed online last month after the blood service's website partner Precedent published a backup database to a publicly exposed web server.
The 1.74GB file, which contained records going back to 2010, involved personal data as well as sensitive medical information. The amount of information involved in the leak earned it the title of Australia's largest-ever data breach.
The leak was made public last Friday, and scammers are already using the incident to try to extract sensitive information from individuals.
The Red Cross Blood Service has received reports from six donors about being targeted by a text message that purports to be from the organisation.
The text advises victims that they have an anomaly in their blood donation, and asks them to click on a dubious link.
The messages are being sent via Flash, or class zero, SMS, which pop up on the full screen of the device and disappear without a trace once the message is dismissed. The use of class zero SMS has given rise to the theory that the scammers are using the method as a testing ground before a wider campaign.
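Class zero is signalled in the TP-DCS (data coding scheme) octet of the SMS PDU, as defined in 3GPP TS 23.038. The following added example, which is not part of the original article, shows how a defender could flag flash messages in SMS-DELIVER PDUs read from a modem or gateway log; the function names and both sample PDUs are constructed for illustration.

```python
def message_class(dcs: int):
    """Return the message class (0-3) encoded in a TP-DCS octet, or None."""
    group = dcs >> 4
    if group <= 0x7:
        # General data coding (00xx) and automatic-deletion (01xx) groups:
        # bit 4 says whether bits 1..0 carry a message class at all.
        return dcs & 0x03 if dcs & 0x10 else None
    if group == 0xF:
        # Data coding / message class group: the class is always present.
        return dcs & 0x03
    # 1000..1011 are reserved, 1100..1110 are message-waiting indications.
    return None


def dcs_from_deliver_pdu(pdu_hex: str) -> int:
    """Extract TP-DCS from an SMS-DELIVER PDU given as a hex string."""
    raw = bytes.fromhex(pdu_hex)
    pos = 1 + raw[0]                  # skip SMSC length octet and SMSC info
    if raw[pos] & 0x03 != 0x00:       # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER PDU")
    pos += 1
    oa_digits = raw[pos]              # TP-OA length is counted in semi-octets
    pos += 2 + (oa_digits + 1) // 2   # length octet, type-of-address, digits
    pos += 1                          # skip TP-PID
    return raw[pos]


def is_flash_sms(pdu_hex: str) -> bool:
    """True when the PDU is class 0 (shown immediately, not stored by default)."""
    return message_class(dcs_from_deliver_pdu(pdu_hex)) == 0


# Constructed sample PDUs: no SMSC info, constructed sender number,
# constructed timestamp, placeholder text payload. Only TP-DCS differs.
_HEAD = "00" "04" "0B" "91" "1694510751F6" "00"
_TAIL = "61111041000000" "0A" "E8329BFD4697D9EC37"
FLASH_PDU = _HEAD + "10" + _TAIL      # DCS 0x10: GSM 7-bit, class 0
NORMAL_PDU = _HEAD + "00" + _TAIL     # DCS 0x00: GSM 7-bit, no class

if __name__ == "__main__":
    for name, pdu in (("flash", FLASH_PDU), ("normal", NORMAL_PDU)):
        print(name, hex(dcs_from_deliver_pdu(pdu)), is_flash_sms(pdu))
```

Because handsets usually do not store class 0 messages, logging the raw PDU at the gateway or modem is what preserves evidence of them.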
The blood service has reported the issue to AusCERT, which has been working with the organisation to handle the data breach, and is warning customers to disregard any such messages.
"We would never communicate this type of issue in this way," a spokesperson for the blood service told iTnews.
"We remind all donors to remain vigilant, and [we] have updated our info.donateblood.com.au website with more advice about suspicious messages. If you receive any other messages that look suspicious, they should be disregarded and deleted."
The organisation said it had completed its SMS-based notifications to affected donors.
It said it normally only sends texts to donors to confirm an appointment, thank the individual for a recent blood donation, or to request a new donation.
Given only two copies of the database are known to have been accessed - and both have since been deleted - it is unlikely the scammers had specific access to the phone numbers of blood donors contained in the breach.