Smith Family experiences data breach

Latest breach in Australia hits charity organisations

The Smith Family has experienced a cyber incident. The incident involved a Smith Family team member’s email account being temporarily accessed by an unauthorised third party.

They were seeking to steal The Smith Family’s funds. On discovery of this incident, the Charity promptly acted, and the attempts were unsuccessful.

Following this, immediate steps were taken to secure its systems.

“We then commenced an investigation of the incident and engaged specialist cyber security experts to understand what happened. We have also taken steps to further strengthen our systems,” stated The Smith Family.

From its investigation, the Smith Family identified that during the attempt to steal our funds, personal information about some individuals may have been accessed.

The personal information of supporters that might have been accessed includes a mixture of:

  • name
  • address (if provided to The Smith Family).
  • phone number (if provided to The Smith Family).
  • email address (if provided to The Smith Family); and
  • donation amount.

And in some cases:

  • first 4 and last 4 digits of the credit or debit card used to donate; and,
  • information about whether a donation payment was processed successfully or declined

The Charity can confirm for those with potential credit or debit card details accessed, no middle digits, or CVV numbers were accessed as The Smith Family does not store that information in its systems.

The data accessed cannot be used to make fraudulent purchases.

Our investigation also identified some other information which may have been accessed but does not require formal notification.

The Smith Family also does not request, collect, or hold personal identity documents such as passports or drivers’ licences of our supporters, as these are not required to process their generous donations.

While there is no current evidence of misuse of any individual’s personal information, we are informing individuals about the incident and providing simple steps to protect their information and avoid any potential scams.

“We are also contacting individuals whose personal information was not accessed and are not directly affected by this incident as we want to communicate transparently to our supporters.”

The Australian Cyber Security Centre (ACSC) and Office of the Australian Information Commissioner (OAIC) have been notified. This incident is not thought to be related to the Optus or Medibank cyberattacks.



Leave a Comment

Related posts