With worldwide shortages of donated blood staying in a constant state of “crisis” level, the last thing the medical community needed was another reason for people to fear rolling up their sleeves. Over the years, false stories of becoming infected while donating or suffering some form of medical emergency due to the process have taken a toll on the available pool of willing donors. Now, the public has an entirely different–and not so far fetched–cause for concern.

red cross hack

The Red Cross has revealed that more than half a million blood donors in Australia were affected by a data breach, one that has been chalked up to human error. The human error in this case involves someone who posted a backup file of the database of donors’ information on their website, which was then accessed by an unauthorized person. In a follow-up report by The Guardian, the breach was discovered when one individual from the list of donors was actually contacted by an anonymous person and handed his own personal details, including the date when he’d last donated blood. The message contained the very ominous statement, “Here’s your personal information.”

In the realm of data breaches, this one is upsetting due to the sloppiness of the third-party contractor who maintains the website–and obviously doesn’t know much about data security–but is mid-level on the scale of harm. No information like financial records or permanent signifiers like Social Security numbers (a hot item in the world of US data breaches) were accessed. Instead, what makes this one so alarming is the “what if” world of how this could come back to haunt the donors, especially as there is medical information involved.

The biggest what if here is that many blood donors’ profiles contain detailed medical information, but there are other possibilities for what someone can do with this breached data. For now, the Red Cross has apologized to the victims and warned them to be on the lookout for scam emails and phone calls.