The personal data of more than one million Australian citizens donating blood at the Red Cross has been compromised by an ‘unauthorised person’.
More than one million personal and medical records dating back to 2010 were compromised by cybercriminals, including all of the donors’ personal details, such as names and email, and in some cases even their sexual activity.
This significant data breach was uncovered through a scan of IP address ranges and then published to a publicly-facing website.
Mark James, ESET IT Security Specialist, discusses what companies and organisations need to do in order to protect the data of their users.
“In this age of data sharing, many organisations look at logistics before security.
“If the data needs to be accessible by many people, then security priority is top of the list.
“Protecting your data is an accumulation of many things: multi-layered defence is made up from security software, hardware, education and the expertise to meld them all into one, and ensuring corners are not cut or shortcuts are not in place is all part of securing your data.
“Ensuring your software is patched and up to date is one of the biggest failings; many web servers are using outdated software that still has vulnerabilities or flaws waiting to be exploited.
“All of the software available these days is able to scan multiple IP addresses looking for certain types of files, meaning most of the hard work has already been done for the attacker.
“If the correct authentication methods were in place, and periodic security reviews on all servers holding or handling our private data, then a lot of these breaches would not have happened.
“Data and server segregation will help to keep the private info private, and only once authentication has happened can the relative servers talk with each other.
“Having open-facing servers available for plunder by all and sundry is just sloppy these days and is easily fixable.”
Do you feel as if there is a skills shortage of people who can implement simple IT security solutions? Let us know on Twitter @ESETUK