A Malaysian blood donation and donor management platform, MyBloodMiles, has allegedly been breached by threat actors. Information regarding the unauthorized access was posted on a dark web forum, claiming to have gained entry to the website’s admin panel. MyBloodMiles appears to be a system designed to manage and encourage blood donations, connecting with donors and handling sensitive personal and medical information, making any potential data leak a significant privacy concern.
The perpetrators of the attack allegedly gained access to the backend systems of the platform, exposing a trove of highly sensitive data. Screenshots shared by the threat actors suggest that the compromised information includes detailed records of blood donors and blood bag inventories. This allegedly exfiltrated data contains personal and medical details crucial to the blood donation process. The breach highlights the critical need for robust security measures within healthcare-related platforms that store citizen data.
The data allegedly accessed from the admin panel includes:
- Donor names
- Barcodes
- Blood types
- Eligibility status
- Blood bag received and expiry dates
