Oxfam Australia responds to alerts of data breach affecting its 1.7 millions supporters
Published 8 February 2021
Oxfam is trying to work out what data was accessed
Oxfam Australia, a non-for-profit aid and development organization, is investigating a suspected cyberattack that has allegedly impacted the data of 1.7 million donors.
Forensic specialists have been brought to “assist in identifying whether data may have been accessed and any impact on its supporters”.
The matter has also been reported to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
While it is not yet known whether any data has been compromised, Bleeping Computer earlier this week reported that a threat actor had tried to sell one of the charity’s databases.
The database is alleged to contain contact and donor information, including names, email addresses and phone numbers, for about 1.7 million Oxfam Australia supporters.
In response, Oxfam responded in a statement that these allegations are not verified, stating that IT experts “[continue] to be confirming the type of data that may have been accessed and whether any of our supporters are impacted”.
“Launching the investigation and ascertaining key facts have been our priorities, but this is a complex issue and inquiries are in their early stages,” she said.
The company updated on Feb. 9 that it is “in the process of notifying all supporters for whom we have a contactable email address”, and urged donors to contact them with any questions.
This is not the first charity data breach that happened of late. The largest woodland conservation charity in the United Kingdom, Woodland Trust, has just confirmed that it was hit with a cyberattack in December 2020.
Woodland Trust experienced disruption as many systems are offline, affecting the ability to support “certain services” for members and supporters, the company said in a statement.
Charities are especially vulnerable to hackers and other malicious elements because they are sometimes perceived as easy targets.
Some charities do not adequately invest in data security and other charities lack the resources to adequately respond to such attacks. In addition, charities often have a treasure trove of sensitive information, such as payment details, as well as personally-identifiable information about donors.
This also reinforces a recent report on the rising data breaches in Australia, which mostly involves contact information and financial details, W.Media reported.