Non-Profit Organization Oxfam Australia Was The Victim of a Recent Data Breach
The Charity said donors’ personal information were, ‘unlawfully accessed’.
Oxfam Australia is an affiliate of Oxfam International. Based in Australia the entity is an independent, not-for-profit, secular, community-based aid and development organization that employs 4.6 million people working all around the world.
Oxfam Australia is operating from individual households to global forums with the purpose to save lives before, during, and after humanitarian crises, whilst working locally with people and communities to support their development and influence policies and practices that will reduce poverty.
What happened?
Oxfam Australia had confirmed to have suffered a severe data breach after a database containing supporters’ information was “unlawfully accessed”.
In a statement released earlier this month, the charity declared that a cyber attacker gained access to the database on the 20th of January.
“Following an independent IT forensic investigation, Oxfam Australia announced today that it has found supporters’ information on one of its databases was unlawfully accessed by an external party on 20 January 2021.
The database includes information about supporters who may have signed a petition, taken part in a campaign, or made donations or purchases through our former shops.
While the investigation found that no passwords were compromised, the database unlawfully accessed by the external party for the majority of supporters included names, addresses, dates of birth, emails, phone numbers, gender, and in some cases, donation history.
For a limited group of supporters, the database contained additional information, and Oxfam is contacting these supporters directly to inform them of the specific types of information relevant to them.”
It looks like the breach went unnoticed for about a week; Oxfam Australia stated that, as soon as they realized the breach was happening, they’ve engaged “industry-leading forensic IT experts” to conduct an investigation.
On February 4th Oxfam Australia began informing the victims and offering guidance on “steps they can take to protect their information”.
Have any credit card/bank details been accessed?
Oxfam declared that there was a small group of supporters who may have had their bank name, account number, and BSB accessed, or part of their credit and debit card details accessed.
In their statement, Oxfam Australia “encourages everyone to practice normal cybersecurity awareness and be careful when responding to unsolicited communications, including phone calls, SMS messages and emails, particularly when these request personal and account information or accessing any links or attachments.“
The authorities were notified.
Oxfam Australia declared to have reported the data breach to the relevant authorities and is now working with the Office of the Australian Information Commissioner and the Australian Cyber Security Centre.
Heimdal® Threat Prevention - Network
- No need to deploy it on your endpoints;
- Protects any entry point into the organization, including BYODs;
- Stops even hidden threats using AI and your network traffic log;
- Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
At the time we’re reporting this event, the charity has warned all supporters to be wary of any scam calls, emails, or text messages that may be a result of the breach.