Are your personal details floating around the internet?
It used to be that the scariest part about donating blood was the needle. But for seven weeks last year, the personal details of 1.28 million Australian donors were exposed online. Worse: along with names, email addresses, phone numbers, and blood types, the records occasionally included sensitive medical information – such as whether a person had recently engaged in high-risk sexual activity.
The Australian Red Cross wasn’t hacked; it just put too much faith in a third party to keep this information safe. That’s a lesson we can all learn from.
What went wrong?
When people booked an appointment with the Red Cross, their information was stored in a database by the Red Cross’ technology partner. Unfortunately, the partner stored it on an open computer server, meaning that anyone with the right URL could access the list of donors.
A sorting hat for hackers
Dr Nick Patterson, a teaching scholar at Deakin’s School of Information Technology, says hackers come in three flavours. ‘There are “script kiddies”, who often use publicly available, pre-made tools.’ Script kiddies are nuisances who often know how to break websites, but usually don’t know enough to dig into databases and extract valuable personal information.
Dr Patterson further explains, ‘Then there are white hat or ‘ethical’ hackers, who are frequently hired by companies to either help defend, detect or determine how an attack occurred.’ It was a white hat hacker who pointed out the Red Cross mistake.
The third type of hackers are the black hats. This group breaks into computer systems for profit or other dubious motives. ‘They’re often very knowledgeable when it comes to penetrating digital defences, and are behind many of the attacks you hear about in the news,’ Dr Patterson says. Sometimes black hat hackers work as individuals, but often they come together to form hacker collectives, or are even sponsored by companies and countries to carry out attacks on rivals.
Flow-on effects
Financial harm from hacking is just the tip of the iceberg. ‘The loss of reputation in particular can be devastating,’ Dr Patterson says.
While big businesses like Sony can shrug off the occasional data breach, small and medium-sized businesses suffer when people lose confidence in their security measures. And for good reason: breaches like the Ashley Madison hack, in which the names and emails of the people using the extramarital affairs website were made public, resulted in ruined reputations and shattered relationships.
In the case of blood bank services like those offered by the Red Cross, though, a lack of trust can be deadly, with fewer people ready to hand over their personal details along with their blood.
Keep yourself secure online
Every time you fill out a form, sign up to something or use your credit card to purchase items, there’s a possibility that this information will end up in the wrong people’s hands. However, with everything becoming more connected to the online world, it’s unrealistic to stay offline forever.
Dr Patterson has outlined a few simple steps you can take to help keep your online information safe:
- Change your password often and never use the same one between different sites
- Watch out for ‘shoulder surfers’ in public locations, who read your password as you type it
- Install anti-malware and antivirus software on your devices
- Don’t respond to random emails or messages that ask you for personal information
- Avoid ‘phishing’ emails; these are often fake emails from your bank, asking you to click on a link
Given the thousands of attacks that take place each day, some of these tips might save you from becoming a victim. In the meantime you can check to see if your email account’s already been compromised in a data breach.
Want to learn more about how to keep secure online? Study cyber security at Deakin.
Dr Nick Patterson
School of Information Technology, Deakin University