Red Cross Blood Service chief executive Shelly Park told reporters on Friday a file containing donor information for more than 550,000 people was accessed by an unauthorised person after it was placed on an insecure computer.
The compromised file related to an online applications to give blood, dating back to 2010.
The organisation is now attempting to contact the donors embroiled in the compromise, and has been sending text messages to those who have donated.
The breached information included the names, addresses, phone numbers, dates of birth, last donation date of donors, as well as the type of donation made.
The text message the Red Cross has sent to former donors. Source: Supplied
Ms Ross said all copies of the data had now been deleted, and the breach was a result of human error.
"As an organisation, we are still in the process of completing our investigation and we have engaged forensic experts to help us with this," she told reporters.
"We apologise and we acknowledge that this is unacceptable."
In a statement released on social media, Ms Park said: "We are deeply disappointed this could happen. We take full responsibility for this mistake and apologise unreservedly."
The organisation's Blood Service spokesman Shaun Inguanzo told AAP: "It's not something you could Google but it's a website that, when someone is provided with the link, they might be able to access."
Human rights lawyer George Newhouse said the incident reinforced the need for the mandatory reporting of data breaches.
"This incident highlights how vulnerable organisations and individuals are to unauthorised access," the associate professor said.
The Australian Cyber Security Centre and the Australian Federal Police were in contact with the Red Cross Blood Service about the breach.
-With AAP
Recommended reading
No one disciplined at IBM over census
